機械

ssh-keysign-pwn is the fourth local-root Linux kernel disclosure in roughly two weeks. (But who's counting?) AlmaLinux 9 and 10 are both vulnerable. AlmaLinux 8 is not exploitable with the current public PoCs, but is getting the patch as well. Patched kernel versions are available for testing now: https://t.co/O98TDOZ4JN

A new variant of the recent Dirty Frag vulnerability, named Fragnesia (CVE-2026-46300), has been discovered in the Linux XFRM ESP-in-TCP subsystem. Similar to Dirty Frag, Fragnesia exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel. The primitive is then used to corrupt the page cache memory of the [/]usr[/]bin[/]su binary, which in turn leads to launching a shell with root privilege. Note that exploitation is not constrained to use the [/]usr[/]bin[/]su binary; it can modify any file readable by the user, including [/]etc[/]passwd. A patch is available, and while no in-the-wild exploitation has been observed at this time, we urge users and organizations to apply the patch as soon as possible by running update tools. If patching is not possible at this point, consider applying the same mitigations for Dirty Frag, such as: - Assess whether esp4, esp6, and related xfrm/IPsec functionality can be temporarily disabled safely - Restrict unnecessary local shell access - Harden containerized workloads - Increase monitoring for abnormal privilege escalation activity Microsoft Defender detects and blocks known Fragnesia proof-of-concept (PoC) exploit codes using existing detections for Dirty Frag, such as Trojan:Linux/DirtyFrag.DA!MTB or Trojan:Linux/DirtyFrag.Z!MTB. Microsoft continues to investigate the issue, and we'll share updates as more information becomes available.

This bug is a variant path that became active after one of the "Dirty Frag" patches, "f4c50a4034e6". The actual window of vuln is only about "9 days", and creation of an unpriv userns is a prerequisite. To distros and Linux users: the patch proposed in the referenced write-up still does not cover at least one variant, __pskb_copy_fclone, so applying that patch alone does not prevent LPE. I have submitted a follow-up patch addressing this additional variant: https://t.co/RznhP54CD7 I'm also accelerating further analysis and testing on my end. I'll post updates as more results come in.

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: https://t.co/9nqku4svkY

Hey everyone. We’ve seen the discussions around Copy Fail (CVE-2026-31431) and the disclosure process. We appreciate the passion from distro maintainers, defenders, and the broader Linux community. This is a serious issue, and we want to share some context on our side in good faith. 🧵

Ollama is now updated to run the fastest on Apple silicon, powered by MLX, Apple's machine learning framework. This change unlocks much faster performance to accelerate demanding work on macOS: - Personal assistants like OpenClaw - Coding agents like Claude Code, OpenCode, or Codex