Copy Fail 2: Electric Boogaloo

Mindless21121mo ago· 3 in thread

How much pain must there be until people realize we actually do need memory safety?

How would've memory safety helped here?

In CHERI, for example, pointers have permissions. The pointer to the COW memory would not have the "write" permission.

I could be misunderstanding the bug, of course.

Because “Page-cache write into any readable file” is a memory safety bug? All of these recent Linux LPEs are memory safety issues.

cassianoleal1mo ago· 1 in thread

How is this different from Dirty Frag [0]?

It seems to use the same vector.

From what I can gather it is the exact same vulnerability.

nonamesleft1mo ago· 1 in thread

sysctl kernel.unprivileged_userns_clone=1 keeps on giving.

Yes. Giving me a massive... Well.. Dopamine rush.

alecco1mo ago

People are blaming the wrong guy for breaking the embargo but via this blog post [1]:

> on 2026-05-05 Steffen Klassert pushed f4c50a4034 to netdev/net.git with Cc: stable@vger.kernel.org.

Once the fix is out it's usual for researchers to race to make the first exploit out of it.

cpach1mo ago

Does anyone know how to mitigate this one? Is it sufficient to disable the esp4/esp6/rxrpc modules?

Copy Fail 2: Electric Boogaloo (opens in new tab)