<![CDATA[[related]chez AlmaLinux]]>[related]
chez AlmaLinux

"Dirty Frag (CVE-2026-43284) vulnerability fix is ready for testing"
👇
https://almalinux.org/blog/2026-05-07-dirty-frag/

]]>https://board.circlewithadot.net/topic/fa016fe1-5d56-41ea-887d-1bf6c95ad5bc/related-chez-almalinuxRSS for NodeFri, 05 Jun 2026 20:39:36 GMTFri, 08 May 2026 10:02:01 GMT60<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 17:05:55 GMT]]>et voilà il a reçu son nom de code CVE-2026-46300

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116568355993020261https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116568355993020261Wed, 13 May 2026 17:05:55 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 16:45:33 GMT]]>@bortzmeyer Effectivement sur Ubuntu 24.04 kernel 6.8 non patché + AppArmor désactivé =

192/192 bytes ✅ whoami → root 🎉

Exploit confirmé.

AppArmor tient la barrière, ne le désactivez pas 😉

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116568275879313685https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116568275879313685Wed, 13 May 2026 16:45:33 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 14:53:57 GMT]]>@decio https://www.bortzmeyer.org/fragnesia.html

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567837110398879https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567837110398879Wed, 13 May 2026 14:53:57 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 14:45:44 GMT]]>@bortzmeyer sur ma kali same same !

└─$ grep ESPINTCP /boot/config-$(uname -r)

CONFIG_INET_ESPINTCP is not set

CONFIG_INET6_ESPINTCP is not set

(6.8.11-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.8.11-1kali2 (2024-05-30))

c'est explicitement désactivé dans le kernel Kali (et vraisemblablement tout le kernel Debian).

GG Debian 🤘 👍

Cela semble donc Ubuntu-centrique...

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567804742726991https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567804742726991Wed, 13 May 2026 14:45:44 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 14:16:52 GMT]]>@decio Reste à savoir si le POC peut être modifié pour fonctionner sur Debian, ou bien si c'est une limite plus fondamentale de Fragnesia (qui ne serait pas si universel que ça).

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567691263108829https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567691263108829Wed, 13 May 2026 14:16:52 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 14:15:43 GMT]]>@bortzmeyer yep !
XFRM_MSG_NEWSA ack errno=22

Donc Debian rejette la configuration XFRM spécifique

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567686747259187https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567686747259187Wed, 13 May 2026 14:15:43 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 14:12:12 GMT]]>@decio C'est pas que chez moi (même message d'erreur) https://x.com/idratherwork/status/2054500111917470017

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567672907869096https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567672907869096Wed, 13 May 2026 14:12:12 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:58:41 GMT]]>@decio J'ai essayé avec et sans l'autorisation de création des namespaces, pareil.

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567619777880852https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567619777880852Wed, 13 May 2026 13:58:41 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:58:17 GMT]]>@decio Debian 13 (stable) à jour.

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567618192192121https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567618192192121Wed, 13 May 2026 13:58:17 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:55:38 GMT]]>@bortzmeyer Intéressant, tu peux me dire sur quelle distro/version ?
Je n'ai pas encore eu le temps de le tester sur mes conteneurs & Debian/Kali, mais d'après le README pour Ubuntu: AppArmor restricts unprivileged user namespaces by default.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567607768164649https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567607768164649Wed, 13 May 2026 13:55:38 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:44:09 GMT]]>[related]

"Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP"
👇
https://www.wiz.io/blog/fragnesia-linux-kernel-local-privilege-escalation-via-esp-in-tcp

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567562620879463https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567562620879463Wed, 13 May 2026 13:44:09 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:42:33 GMT]]>@decio I was not successful with the POC, even with modules allowed.

]]>https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567556302249672https://board.circlewithadot.net/post/https://mastodon.gougere.fr/users/bortzmeyer/statuses/116567556302249672Wed, 13 May 2026 13:42:33 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:16:47 GMT]]>
"All versions affected by dirtyfrag are affected."
"Any versions without this patch: https://lists.openwall.net/netdev/2026/05/13/79 , so any Linux kernel before May 13 2026."

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567455019508738https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567455019508738Wed, 13 May 2026 13:16:47 GMT<![CDATA[Reply to [related]chez AlmaLinux on Wed, 13 May 2026 13:12:37 GMT]]>🤪 🔥
et c'est reparti pour un tour : le petit frère de DirtyFrag (même famille ESP/XFRM, même mitigation rmmod esp4 esp6 rxrpc, même page cache qui se fait défoncer, just trust me bro).

Bonne nouvelle : si t'avais blocklisté les modules « au cas où », t'es OK.

Mauvaise nouvelle : si t'as "juste" patché DirtyFrag , il te faut le patch Fragnesia aussi.

"Fragnesia is a universal Linux local privilege escalation exploit, discovered by William Bowling with the V12 team. Fragnesia is a member of the Dirty Frag vulnerability class. "
👇
https://github.com/v12-security/pocs/tree/main/fragnesia


🐧🔥

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567438633136119https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116567438633136119Wed, 13 May 2026 13:12:37 GMT<![CDATA[Reply to [related]chez AlmaLinux on Tue, 12 May 2026 13:15:37 GMT]]>...pourquoi pas?

à grand risque, grande responsabilité
⬇
"Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos"
👇
https://www.theregister.com/oses/2026/05/11/linux-kernel-maintainers-pitch-emergency-killswitch-after-copyfail-and-dirty-frag-chaos/5237801

🔍
👇
https://lore.kernel.org/all/20260507070547.2268452-1-sashal@kernel.org/

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116561788079643472https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116561788079643472Tue, 12 May 2026 13:15:37 GMT<![CDATA[Reply to [related]chez AlmaLinux on Sat, 09 May 2026 10:27:14 GMT]]>Tour d'horizon du jour :

Bien évidemment Microsoft a sauté sur l'occasion avec un article sur une vuln Linux ...because M love Linux

👇
https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/

L'incontournable FAQ Tenable pour ceux comme moi qui aiment lire les CVE comme un mode d'emploi IKEA
👇
https://www.tenable.com/blog/dirty-frag-cve-2026-43284-cve-2026-43500-frequently-asked-questions-linux-kernel-lpe

Red Hat a mis à jour sa page RHSB-2026-003 avec mitigations et vérifs, en attendant le patch qui arrive "bientôt™"
👇
https://access.redhat.com/security/vulnerabilities/RHSB-2026-003

Et chez moi sur ma belle et adorée Debian ? Les canaux security sont patchés pour bullseye, bookworm et trixie.
Bien joué !
👇
https://security-tracker.debian.org/tracker/CVE-2026-43284

Cela dit, effectivement avec l'IA qui accélère la découverte + embargos qui tiennent plus = fenêtre d'exposition qui va pas aller en rétrécissant. Les mainteneurs vont devoir trouver de nouveaux tricks. Live-patch, micro-patch, pipelines accélérés... à suivre.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116544139092238924https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116544139092238924Sat, 09 May 2026 10:27:14 GMT<![CDATA[Reply to [related]chez AlmaLinux on Fri, 08 May 2026 10:16:03 GMT]]>Nouveaux kernels stables : 7.0.5 / 6.18.28 / 6.12.87 / 6.6.138

Ils embarquent un fix partiel pour (CVE-2026-43284) et Copy Fail 2.

Partiel, car Greg Kroah-Hartman a confirmé qu'un second patch est encore en développement et n'a pas encore été mergé.

La mitigation par blacklist des modules reste donc recommandée en attendant.
👇
https://lwn.net/Articles/1071775/

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116538432803616915https://board.circlewithadot.net/post/https://infosec.exchange/users/decio/statuses/116538432803616915Fri, 08 May 2026 10:16:03 GMT