another day another LPE exploit - Fragnesia
AnthonySmith
Administrator | Hosting Provider | OG | Senpai
https://lwn.net/Articles/1072647/
https://lwn.net/ml/all/[email protected]/
This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag.
It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.
Comments
Not again!
@oloke @onidel @forest @MannDude @Neoon @host_c @PulsedMedia @tentor @NDTN @FAT32 @AlteredParadox @DediRock @Murv @orangevps @Francisco @xHosts @wadhah @Fubukibox @ralf
Jesus. Things really have come to a head with AI. How many decades old is this one? 9 years or so, too?
"It's a hard life- to be a stick insect." - Karl Pilkington
SOAP CVEs anyone?
https://www.tenable.com/cve/CVE-2026-6722
https://lwn.net/Articles/1072647/
https://lwn.net/ml/all/[email protected]/
Host-C | Storage by Design | AS211462
“If it can’t guarantee behavior under load, it doesn’t belong in production.”
What
bro, do I really have to whitelist fkn modules, kurwa.
Free NAT KVM | Free NAT LXC
From my initial read, if you passed the kernel parameter blocking algif-whatever to remediate CopyFail you should be good for Fragnesia. Haven't checked that yet though.
It's 2026. Time to return to a monolithic kernel in ring 0. TempleOS for the masses!
"It's a hard life- to be a stick insect." - Karl Pilkington
It's time to ditch the kernel and go with Intel 8086 with assembly language...
fuck my life
Can't get a week without a reboot now, I may seriously consider something like KernelCare with livepatching.
Was thinking the same...
I do unattended security updates for most things but I've not yet enabled automatic reboots on everything. But even the unattended updates don't do shit if the updates come 72 hours or more after a working patch is released that needs to be implemented or something. Been a busy week.
[ IncogNET LLC ] - Since 2020
[ The Internet Speech & Privacy Company ]
If you're not running IPsec stuff you can just blacklist those modules. Doesn't require a reboot. (I was wrong about the algif_aead kernel thing)
To be honest, I expect much more of such exploits in the near future. Blacklisting modules doesn't seem like a proper way to handle it.
People can shit on LLM/AI all they want, but it sadly is great for finding vulnerabilities.
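The module-blacklisting mitigation discussed in this thread can be audited per host. The script below is an added example, not code from any poster; it names no modules because the thread does not list them, and it assumes rules live only in `/etc/modprobe.d` (other modprobe.d directories and the `module_blacklist=` kernel parameter are not checked).

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether a kernel module can still
# be loaded. Module names are supplied by the caller (the thread names none).
#
# module_state MODULE [CONF_DIR] [PROC_MODULES] [BUILTIN_LIST] prints one of:
#   builtin        compiled into the kernel; modprobe.d rules cannot affect it
#   loaded         in memory now; rules change nothing until it is unloaded
#   blocked        "install MODULE /bin/false": loading by name also fails
#   autoload-only  "blacklist MODULE": alias autoload is skipped, but
#                  "modprobe MODULE" by name still succeeds
#   unblocked      no matching rule in CONF_DIR
module_state() {
    mod=$(printf '%s' "$1" | sed 's/-/_/g')   # modprobe treats - and _ alike
    conf_dir=${2:-/etc/modprobe.d}
    proc_modules=${3:-/proc/modules}
    builtin_list=${4:-/lib/modules/$(uname -r)/modules.builtin}

    # modules.builtin holds paths such as kernel/net/foo/bar.ko
    if cat "$builtin_list" 2>/dev/null | awk -F/ -v m="$mod.ko" '
        { n = $NF; gsub(/-/, "_", n) } n == m { f = 1 } END { exit !f }'
    then echo builtin; return; fi

    # /proc/modules: first field is the module name, one module per line
    if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' \
        "$proc_modules" 2>/dev/null
    then echo loaded; return; fi

    # Strip comments, then look for install/blacklist rules for this module
    cat "$conf_dir"/*.conf 2>/dev/null | awk -v m="$mod" '
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /\/(false|true)$/ { hard = 1 }
        $1 == "blacklist" && name == m { soft = 1 }
        END { print (hard ? "blocked" : (soft ? "autoload-only" : "unblocked")) }'
}

# Report every module named on the command line
for m in "$@"; do
    printf '%s: %s\n' "$m" "$(module_state "$m")"
done
```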