Does anyone know how to mitigate this one? Is it sufficient to disable the esp4/esp6/rxrpc modules?
Mindless2112 2 days ago [-]
How much pain must there be until people realize we actually do need memory safety?
delamon 2 days ago [-]
How would've memory safety helped here?
Mindless2112 2 days ago [-]
In CHERI, for example, pointers have permissions. The pointer to the COW memory would not have the "write" permission.
I could be misunderstanding the bug, of course.
delamon 2 days ago [-]
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
Mindless2112 2 days ago [-]
A fair point...
I thought the bug was a missing check for the COW flag, but looking at it again it seems it was missing both setting and checking the flag.
delamon 2 days ago [-]
Apparently it is both...
nonamesleft 2 days ago [-]
sysctl kernel.unprivileged_userns_clone=1 keeps on giving.
> on 2026-05-05 Steffen Klassert pushed f4c50a4034 to netdev/net.git with Cc: stable@vger.kernel.org.
Once the fix is out it's usual for researchers to race to make the first exploit out of it.
[1] https://afflicted.sh/blog/posts/copy-fail-2.html
It seems to use the same vector.
[0] https://github.com/V4bel/dirtyfrag
I could be misunderstanding the bug, of course.
I thought the bug was a missing check for the COW flag, but looking at it again it seems it was missing both setting and checking the flag.