Post B670TWpCLE7KthEkQS by wdormann@infosec.exchange
 (DIR) More posts by wdormann@infosec.exchange
 (DIR) Post #B670TWpCLE7KthEkQS by wdormann@infosec.exchange
       2026-05-08T03:31:00Z
       
       0 likes, 0 repeats
       
       The 3 recent Linux LPEs are sort of interesting in that each one took a different path from discovery to disclosure.Copy Fail: Publicity stunt where they claim to have done the right thing, yet didn't bother to tell a single distro vendor, and lied about updates being available.Dirty Frag: Attempted to do proper coordination, including notifying the linux-distros mailing list.  But the embargo was broken, so it was disclosed unexpectedly ahead of time.Copy Fail 2:  Discovered as an n-day by looking at kernel commit logs and Spender noticing that it was copyfail-classEach path had basically exactly the same outcome (No fixes at publication time).  😂
       
 (DIR) Post #B670TYXBz8u2CQpOdc by wdormann@infosec.exchange
       2026-05-08T12:51:40Z
       
       0 likes, 1 repeats
       
       And just to clarify about "Dirty Frag" vs. "Copy Fail 2":Dirty Frag is TWO vulnerabilities:The xfrm-ESP Page-Cache Write vulnerability has been assigned CVE-2026-43284 and patched in mainline at f4c50a4034e6.The RxRPC Page-Cache Write vulnerability has been reserved as CVE-2026-43500 for tracking; no patch exists in any tree yet.Copy Fail 2 is a "clean room" rediscovery/exploitation of f4c50a4034e6 (CVE-2026-43284)Since Copy Fail 2 was published to GitHub 1 hour earlier than Dirty Frag was published.  The Dirty Frag writeup specifies that the embargo was broken, and as a result TWO vulnerabilities were disclosed.Personally, I think that if you publish a patch for a vulnerability, and then you begin an embargo a week after it was published, that doesn't really count as an "embargo"?  🤷‍♂️Fun stuff...