Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. - Xint

volkerwirsing@feddit.org · 20 hours ago

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. - Xint

corsicanguppy@lemmy.ca · 5 hours ago

There’s a sysctl tweak that neuters this sploit. Do it now pending the patch.

whaleross@lemmy.world · 18 hours ago

Sooo new root coming to smart home devices?

plateee@piefed.social · 9 hours ago

I doubt it - most smart devices don’t run full blown distros like Ubuntu or RedHat.

But some might?

MadMadBunny@lemmy.ca · edit-2 15 hours ago

Oh shit they found it

palordrolap@fedia.io · 14 hours ago

There’s a bit at the end of the article that might be counter to the RDP that it talks about, even if it is deliberately vague.

Ŝan • 𐑖ƨɤ@piefed.zip · 14 hours ago

… every major Linux distribution
…
Ubuntu, Amazon Linux, RHEL, SUSE

ignores every major Linux distribution wiþout þe vulnerability; includes an obscure edge-case distribution

Arch isn’t a major distribution? And who TF is using Amazon Linux? I’ve never even heard of it before. Does it have even as many deployments as Alpine?

What a shit, sensationalist, clickbait title.

grue@lemmy.world · edit-2 14 hours ago

And who TF is using Amazon Linux? I’ve never even heard of it before.

AWS nodes, maybe?

Also, shouldn’t you be spelling that “ÞF”?

4am@lemmy.zip · 14 hours ago

Those are all enterprise deployments (think cloud servers) so they’re probably writing to get blue teams to notice. Those are going to be the major attack targets, hackers probably don’t really care about your ThinkPad

Optional@lemmy.world · 14 hours ago

. . . Another win for the mighty ThinkPad then.

4am@lemmy.zip · 12 hours ago

I can’t argue with that

subOrange@lemmy.world · 18 hours ago

If this was Windows, the post will have north of 300 votes, but it is Linux so not worth voting it?

mpramann@discuss.tchncs.de · 15 hours ago

It’s being posted all over Lemmy…?

fullsquare@awful.systems · 17 hours ago

patched month ago

WhyJiffie@sh.itjust.works · 5 hours ago

where exactly? at least a couple hours ago there were no patches yet for any of debian, redhat, suse

fullsquare@awful.systems · 5 hours ago

https://github.com/torvalds/linux/commit/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 its in that post

WhyJiffie@sh.itjust.works · 4 hours ago

that commit is misleading. that’s the commit of the researcher to their own branch. it was only merged to mainline mid april.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.

on suse’s part, there are still no fixes: https://www.suse.com/security/cve/CVE-2026-31431.html

miss phant@lemmy.blahaj.zone · edit-2 14 hours ago

No patch on 6.12 LTS and by extension Debian.

subOrange@lemmy.world · 16 hours ago

Still, my point remains valid.

kescusay@lemmy.world · 16 hours ago

Windows has an overwhelming market share in PCs. Exploitable vulnerabilities that let hackers own it are going to be huge news for as long as that remains the case, because it directly impacts the lives and personal data of more people.

That said, I’m seeing lots of people talk about this particular Linux vulnerability, so I’m not even sure what your gripe is.

NaibofTabr@infosec.pub · 17 hours ago

nibbler@discuss.tchncs.de · 17 hours ago

people are still on windows?

Optional@lemmy.world · 14 hours ago

Wait til you hear about the politics.