CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

As I was saying, we're not done with page cache LPEs.

2 Posts 2 Posters 0 Views

J This user is from outside of this forum
J This user is from outside of this forum
jschauma@mstdn.social

wrote last edited by

#1

As I was saying, we're not done with page cache LPEs.
Looks like a third variant just dropped (CVE-2026-46300):
https://github.com/v12-security/pocs/tree/main/fragnesia
https://github.com/v12-security/pocs/blob/d4043edc2acbd75d093e3f5795751b678c66b259/fragnesia/fragnesia.c
https://www.openwall.com/lists/oss-security/2026/05/13/3
Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.
H 1 Reply Last reply
1
0
J jschauma@mstdn.social

As I was saying, we're not done with page cache LPEs.
Looks like a third variant just dropped (CVE-2026-46300):
https://github.com/v12-security/pocs/tree/main/fragnesia
https://github.com/v12-security/pocs/blob/d4043edc2acbd75d093e3f5795751b678c66b259/fragnesia/fragnesia.c
https://www.openwall.com/lists/oss-security/2026/05/13/3
Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.
H This user is from outside of this forum
H This user is from outside of this forum
hillu@infosec.exchange

wrote last edited by

#2

@jschauma Cool, another group of people who are going to be Very Interested in any kind of coordinated disclosure.
1 Reply Last reply

0
R relay@relay.infosec.exchange shared this topic

Log in to reply