Tootfinder

@mgorny@social.treehouse.systems
2026-05-19 15:43:09

We've also posted about our #CopyFail, #DirtyFrag, #Fragnesia handling on the #Gentoo website:
gentoo.org/news/2026/05/19/cop
…and yes, another secfix round coming.
CC @…

@selea@social.linux.pizza
2026-04-29 20:13:04

The #copyfail exploit is not fun...

@gideonstar@mastodon.gideonstar.de
2026-05-08 07:21:58

If this continues, I'll uninstall sudo.
#copyfail #dirtyfrag

@tezoatlipoca@mas.to
2026-05-01 15:41:26

Just polled my software team: without googling or asking, have you heard of #copyfail? If so, do you know what it is sufficiently to explain it to a colleague?
Not a single hand. We make embedded #linux devices. (Yes, ours are affected.)
Call me old fashioned, but when I was a

@hex@kolektiva.social
2026-05-02 07:23:18

"It places page cache pages in a writable scatterlist, separated from the legitimate write region by nothing more than an offset boundary. The design assumes every AEAD algorithm will confine its writes to the intended destination, but nothing in the API enforces this, and nothing documents it as a requirement.
Unfortunately, one AEAD algorithm breaks this silent invariant."
"No other standard AEAD algorithm in the kernel [uses memory that doesn't belong to it as a scratch pad]. GCM, CCM, and regular authenc all confine their writes to the legitimate output area. authencesn alone writes past the boundary."
I'm actually amazed that there's only one bug here. Somehow almost everyone just managed to do the right thing, despite no mechanism enforcing it and no documentation describing it. That's just amazing. It's a testament to the skill of those developers, despite an incredibly bad design.
#copyfail

@Lach@social.linux.pizza
2026-05-05 10:41:50

Copy.fail is faster than sudo su -, so I'm switching to that method now...
Just so easy and convenient... #copyfail

@darkrat@chaosfurs.social
2026-04-29 19:26:45

Holy. Fucking. Fuckballs.
This exploit is... insane.
> An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root
copy.fail/

@mgorny@social.treehouse.systems
2026-04-30 05:38:38

So you read about #CopyFail, and are like… owww, shit. But then you see that it was responsibly disclosed after being fixed in main, we had releases since, they went stable in #Gentoo (over other #security fixes), so we should be good, right?
Except that it turns out that after it has been fixed in mainline, nobody bothered actually backporting the fix to all the LTS branches. And it doesn't apply cleanly (#Gentoo #Linux

@mgorny@social.treehouse.systems
2026-05-02 05:55:56

Greg Kroah-Hartman: "If you look there are thousands of unfixed CVEs in the older LTS kernels right now, and if distros or users that rely on those older branches wish to see those resolved, they need to provide working backports to us to apply, as our first attempt did not work (which is why they are unfixed in those branches.)"
Really asking for a "Pray tell us", given that nobody actually bothered disclosing the problem to downstreams and that the commit message was hiding it.
Either way, apparently the great LLM-backed patch backporting process that #NVidia is so proud of doesn't really work. Upstream doesn't really care about #LTS branches, and they should be considered insecure by default.
#Gentoo #Linux #CopyFail #security