upvote

points

by Faaak5 hours ago |
comments
upvoteby yallpendantools3 hours ago|
next
[-]
Double tinfoil hat mode: an attacker learned of my plan to finally update my personal computer out of 20.04 today and is DDoSing canonical so I can't do that and I remain vulnerable to the backdoors they've found.

The plot thickens...

reply
upvoteby pixel_popping1 hours ago|
parent|
[-]
you are the center of all this, I knew it.
reply
upvoteby bjackman3 hours ago|
prev|
next
[-]
If you can access AF_ALG on a server you don't need to do shenanigans like that. It's much easier to just find another bug and exploit that one instead.

The copy.fail website is very silly, it is not a special bug. If anyone gets compromised by that vuln their node architecture was broken anyway, patching copy.fail doesn't help.

reply
upvoteby loufe2 hours ago|
parent|
next
[-]
In what way is it "not a special bug"? It's a publicly known root access from RCE exploit. Those cannot be a dime a dozen. I'm sure it's especially interesting for any shared hosting services which might be affected, and could be delayed. I could find any places running containered services and exfiltrate secrets parallel services, no?

What constitutes "special" for you, out of curiosity? Something chaining with a hypervisor exploit?

reply
upvoteby bjackman22 minutes ago|
parent|
next
[-]
It's not RCE it's an LPE in an obscure corner of the kernel attack surface that no sensible application depends on. They are absolutely a dime a dozen.

Even just in AF_ALG there have been several such vulns fixed in 2026 already. Kernel wide probably hundreds. It's true that most of them will be harder to exploit than this one but that just means you need to prompt your AI a bit harder to get an exploit. (To be fair, in a lot of cases it's gonna be hard to escalate privs without crashing the machine).

Ubuntu has userns restrictions now which takes away the main sources of LPEs (random qdiscs, nftables, all that garbage) but there are still huge numbers of these vulns. This is why platforms that do native untrusted code executions have extreme sandboxing. Note Android and ChromeOS aren't affected coz they already knew this code was broken and hide it from unpriv workloads.

You can't run untrusted code on Linux without either a very very carefully designed sandboxing layer (like Android/ChromeOS) or virtualization. copy.fail is just one among tens of thousands of reasons for this, and it's a pretty uninteresting one at that.

reply
upvoteby 1 hours ago|
parent|
prev|
[-]
deleted
reply
upvoteby mustardo3 hours ago|
parent|
prev|
[-]
I thought copy.fail is a privelage escalation exploit, become root from a regular user? Am I missing something?

How would "node architecture" make people vulnerable to this?

You have to have shell access to a victim first right? Or am I missing something?

reply
upvoteby bjackman22 minutes ago|
parent|
[-]
Yeah you need native code execution, and if you have AF_ALG access there is clearly no sandboxing in place. At that point it's game over on Linux, there are too many bugs.
reply
upvoteby bouncycastle4 hours ago|
prev|
next
[-]
Seems reasonable to assume it's something to do with the recently publicized exploits. More likely, this could be an extortion attempt by criminals rather than a competitor.
reply
upvoteby kubb4 hours ago|
prev|
next
[-]
s/competitor/intelligence services/
reply
upvoteby ramon1561 hours ago|
parent|
[-]
+1, it hasnt even been 24 hours and I already see these stupid CyberSec companies trying to squeeze themselves between this.
reply
upvoteby touwer3 hours ago|
prev|
[-]
why a competitor? Criminals, secret services, country adversaries...
reply