New on LowEndTalk? Please Register and read our Community Rules.

Comments
A decent explanation. Well done!
Update @all who compile the kernel themselves / very simple how-to:
Side note: one major and causal reason we got that vulnerability was the desire to support IPsec ESP's 64-bit Extended Sequence Numbers (RFC 4303). That boils down to "get a very serious vulnerability in exchange for some sakkurity BS in IPsec!". Congrats and thanks GKH asshole!
For me the most interesting question is "has this been planted?".

uuiui debian 12 - 6.1.0-44-amd64
unfixed! -> Linux Debian12 6.1.0-44-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.164-1 (2026-03-09) x86_64 GNU/Linux
Bit of Ansible for everyone https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464da
I just watched the most amusing conversation play out on IRC where a gentleman was explaining to the audience how he was safe from this exploit because he's been chmod 700 /usr/bin/su for the last 10 years.
The thing that bugs me: why is the mainline fixed in time and why didn't Ubuntu or Debian fix shit in time?
Just a wild guess but maybe it broke some of their patches and they had to get those in order first?
You can see how many weeks before it got published, right?
Somebody there didn't give a single fuck.
That's harsh man, but someone definitely dropped the ball. Would like to know the what/why of it.
Well, I guess technically I could, but then I didn't actually try.
If it has been known for so long it's certainly very weird, agreed.
3 letter something something agency yk
Maybe the Chinese found it, so they had to patch it.
Lol, I didn't have sudo rights on one of my own boxes; that Python script worked super.
better patch ASAP!!!
wow. this one looks actually exploitable - pretty easily I'd guess. luckily the patch is simple.
Feels like rate of exploit discoveries has been increasing the past few weeks
I don't understand the hype around an LPE exploit. It's not rare at all. LPEs pop up all the time. SELinux blocks almost all of them.
Who on earth even uses IPsec? It's WireGuard everywhere.
Ubuntu now has a kmod/libkmod2 update for 2204 and 2404 to fix this.
Which means that Debian probably had one in the morning already.
just do a rm -rf * and call it a day, all solved...
Update about Copyfail/more news about it.
CopyFail wasn't even disclosed to Distros impacted
Always hating distro owners' concept of slow kernel updates, while I can sit with Arch and get the latest patches within a week or faster.
It looks like Debian 13 just got a kernel update:
Please show your mathing.
9 years ago, very few ran WireGuard. Why do anything if you have a time machine?
IPsec is used in enterprises (read: customers that actually pay money for support). BlackBerrys never supported OpenVPN and IPsec was used a lot.
You (Arch users) need less help to recover when a bleeding-edge update causes spilt blood.
"Meh. I'm safe, no local users, I only ever run as root!"
https://www.reddit.com/r/AlmaLinux/comments/1szjrkd/comment/oj32iv3/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
Seems there could be a legit reason why the patches are taking time to come out.
You'd be surprised how many systems/people/companies don't have SELinux enabled...
Though I do agree about the hype around LPEs, I'm more "scared" of RCEs.
Yes, those are more fun than the local ones
I wrote that comment late at night iirc, pardon me. It's actually 9 years, it seems.
(I am writing the comment now at 3 AM, I should go to sleep.) Good night to y'all.
Why bother to do when I just need to cancel it?
According to the website, this exploit is also a container escape primitive: you can do a setup that affects other containers on the same machine, since they also use the same kernel.
"The page cache is shared across the host. A pod with the right primitives compromises the node and crosses tenant boundaries"