From 239aa21811730ec78f011901bf26f48a5e4f3164 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Fri, 15 May 2026 17:21:31 +0200 Subject: [PATCH 1/4] Add Fragnesia and ssh-keysign-pwn. Signed-off-by: Kurt Garloff --- blog/2026-05-10-kernel-root-exploits.md | 31 ++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/blog/2026-05-10-kernel-root-exploits.md b/blog/2026-05-10-kernel-root-exploits.md index 19011ed327..830295c918 100644 --- a/blog/2026-05-10-kernel-root-exploits.md +++ b/blog/2026-05-10-kernel-root-exploits.md @@ -81,6 +81,26 @@ _Exploiting these vulnerabilities requires access to the system and the ability to execute code there, thus the categorization as Local Privilege Escalation (LPE), not Remote Code Execution (RCE)._ +## Update 2026-05-13: Fragnesia + +Yet another network fragment handling issue which fails to properly prevent +in-place en/decryption which can be made to hit sensitive page cache contents +that was put there with splice has been discovered with +{Fragnesia](https://www.openwall.com/lists/oss-security/2026/05/13/3). +It's a simple logic error where the sharing property is forgotten in buffer +coalescing. It has gotten CVE-2026-46300. + +## Update 2026-05-15: ssh-keysaign-pwn + +This LPE is unrelated to the others; under certain circumstances, the kernel +fails to prevent the dumping of process memory under ptraces, which can be used +to read out sensitive data. As it can be used to read e.g. ssh keys, it has been called +[ssh-keysign-pwn](https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn). It has +gotten CVE-2026-46333. + +This vulerability allows local attackers to read sensitive data (Information +Disclosure - ID) which may be useful to escalate privileges. + ## Impact Any system where normal (non-root) users can log in to execute code under their 
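Review bot: the new `## Update 2026-05-15: ssh-keysaign-pwn` section calls the issue an LPE in its first sentence but classifies it as Information Disclosure two paragraphs later; make the opening consistent (e.g. "This issue is unrelated to the others") and keep the ID classification, since reading ssh keys is only a stepping stone to escalation. Typos in the same hunk: the heading says `ssh-keysaign-pwn` while the link text and the CVE line say `ssh-keysign-pwn`; `{Fragnesia](https://www.openwall.com/...)` opens with a brace, so the markdown link will not render; "under ptraces" should be "under ptrace"; "This vulerability" should be "This vulnerability". The Fragnesia paragraph is a single run-on sentence ("Yet another network fragment handling issue which fails to properly prevent in-place en/decryption which can be made to hit sensitive page cache contents that was put there with splice has been discovered with ..."); splitting it into "Fragnesia is yet another fragment handling issue. ... in-place en/decryption can be made to hit page cache contents that were put there with splice." would make the mechanism readable, and "was put" should be "were put" in either case.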
@@ -137,7 +157,7 @@ A fully effective workaround is again to prevent loading the affected modules by placing another file `dirtyfrag.conf` in `/etc/modprobe.d/`: ```shell -# Temporary workaround for Dirty Frag CVE-2026-43284, CVE-2026-43500 +# Temporary workaround for Dirty Frag CVE-2026-43284, CVE-2026-43500, CVE-2026-46300 # This breaks IPsec install esp4 /bin/false install esp6 /bin/false @@ -146,6 +166,14 @@ install rxrpc /bin/false Note that these workarounds prevent IPsec from working. +Update 2026-05-15: This mitigation helps against Fragnesia as well; while a patch +for Fragnesia was proposed, a fix has not been merged into the upstream kernel yet. + +Update 2026-05-15: The stable kernels 7.0.8, 6.18.31, 6.12.89, 6.6.139, 5.15.207, and +5.10.256 contain a fix for the ptrace vulnerability (CVE-2026-46333 aka ssh-keysign-pwn). +The latter is hard to mitigate, as there's no Security Module hook. Setting up a seccomp +that disallows ptrace would help. + If a system is suspected to already have been exploited, the system owner can dispose of the page cache by doing `echo 3 > /proc/sys/vm/drop_caches` as root and unload the affected modules to prevent re-exploitation. @@ -257,3 +285,4 @@ SCS security contact is [security@scs.community](mailto:security@scs.community), - Mention succssful patching of community infra, v0.3, 2026-05-09, 13:30 CEST. - Correct facts on the failure of the responsible disclosure. Release as v1.0, 2026-05-09, 20:00 CEST. - Update on final rxrpc fix in stable kernels. v1.1, 2026-05-12, 08:45 CEST. +- Add Fragnesia and ssh-keysign-pwn LPEs. v1.2, 2026-05-15, 17:15 CEST. From 5b9a299e3ebc91b7bfff9a695c5cefffdf891e7e Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Fri, 15 May 2026 17:37:42 +0200 Subject: [PATCH 2/4] Add note how AI is accelerating things. Signed-off-by: Kurt Garloff --- blog/2026-05-10-kernel-root-exploits.md | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) 
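Review bot: in the first patch's mitigation hunk (the two `Update 2026-05-15:` paragraphs after "Note that these workarounds prevent IPsec from working."), the statement "there's no Security Module hook" needs qualifying: the LSM framework does have `ptrace_access_check` and `ptrace_traceme` hooks, and Yama's `kernel.yama.ptrace_scope` is built on them, so either say explicitly that CVE-2026-46333 bypasses that check, or point readers at `ptrace_scope` as the first thing to try. "Setting up a seccomp that disallows ptrace would help" is too vague to act on: seccomp filters apply to the installing process and its descendants, so the advice only works if every entry point for untrusted users (login shell, container runtime, CI runner) installs the filter; say where it has to be applied or drop the sentence. "The latter is hard to mitigate" is ambiguous after a list of six kernel versions; name the vulnerability instead. The changelog line "Add Fragnesia and ssh-keysign-pwn LPEs" also labels ssh-keysign-pwn an LPE although the body classifies it as Information Disclosure.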
diff --git a/blog/2026-05-10-kernel-root-exploits.md b/blog/2026-05-10-kernel-root-exploits.md index 830295c918..8eee18a02c 100644 --- a/blog/2026-05-10-kernel-root-exploits.md +++ b/blog/2026-05-10-kernel-root-exploits.md 
@@ -265,10 +265,40 @@ in the meantime, as advised above. The SCS community infrastructure was secured on May 8 by disabling the relevant modules. +## Outlook + +The density with which severe issues are currently found is notable. While the +research in the referenced issues originated from human beings being suspicious +that certain things were not handled correctly everywhere, they were assisted +by AI tools in the search. This pattern is likely to turn up a relevant number +of such issues which are reachable now using such help until we may enjoy a +more quiet time again. Until a new class of weaknesses comes into the reach of +yet more powerful AI tools. + +The other notable thing is that the quiet closing of issues within the Linux +Kernel no longer works which has broken the responsible disclosure process +that gave defenders some headway against attackers. One reason is that +once a pattern emerges, several teams compete for speed to find related issues +and decide in favor of disclosing before someone else finds it also. Another +reason is that there are people that now use AI tools to analyze merged bugfixes +to the kernel using AI tools -- the fact that they are not flagged as security +issues no longer is a good cover. So software distributors need to expect more +of these occurences where they are struggling to patch software, validate the +fixes and ship to customers before large-scale attacks happen. Operators will +need to be fast as well. + +So yes, the times are changing in software security and open source software is +hit first being the most accessible to security researchers. On the proprietary +side, we can suspect similar research is happening, but whether the research +teams also go for fame and visibility or maybe have other prevalent incentives +is an open question. + ## Thanks The authors would like to thank Taeyang Lee at Xint (who initiated the research on copy.fail) and Hyunwoo Kim (@v4bel, who discovered Dirty Frag). 
+Update 2026-05-15: They would also like to acknowledge William Bowling (V12) for Fragnesia +and Jann Horn and Qualys for ssh-keysign-pwn. They would also like to thank the upstream Linux kernel maintainers and Linux distributors for their reliable work no handling the issues and getting fixes out. @@ -286,3 +316,4 @@ SCS security contact is [security@scs.community](mailto:security@scs.community), - Correct facts on the failure of the responsible disclosure. Release as v1.0, 2026-05-09, 20:00 CEST. - Update on final rxrpc fix in stable kernels. v1.1, 2026-05-12, 08:45 CEST. - Add Fragnesia and ssh-keysign-pwn LPEs. v1.2, 2026-05-15, 17:15 CEST. +- Add note on AI changing the game (outlook). v1.3, 2026-05-15, 17:30 CEST. From 4880a407ca5395f371c27cd366939ebf931ae57b Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Fri, 15 May 2026 17:41:50 +0200 Subject: [PATCH 3/4] Mention userns mitigation and Alma Linux updates. Signed-off-by: Kurt Garloff --- blog/2026-05-10-kernel-root-exploits.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/blog/2026-05-10-kernel-root-exploits.md b/blog/2026-05-10-kernel-root-exploits.md index 8eee18a02c..07a6e76a5e 100644 --- a/blog/2026-05-10-kernel-root-exploits.md +++ b/blog/2026-05-10-kernel-root-exploits.md @@ -166,8 +166,10 @@ install rxrpc /bin/false Note that these workarounds prevent IPsec from working. -Update 2026-05-15: This mitigation helps against Fragnesia as well; while a patch +Update 2026-05-15: This mitigation helps against Fragnesia as well; AppArmor preventing +unprivileged user namespaces (ubuntu) also helps. While a patch for Fragnesia was proposed, a fix has not been merged into the upstream kernel yet. +Alma Linux has gone ahead and published a fixed kernel anyhow (for testing). Update 2026-05-15: The stable kernels 7.0.8, 6.18.31, 6.12.89, 6.6.139, 5.15.207, and 5.10.256 contain a fix for the ptrace vulnerability (CVE-2026-46333 aka ssh-keysign-pwn). 
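Review bot: in the `## Outlook` hunk, the sentence "there are people that now use AI tools to analyze merged bugfixes to the kernel using AI tools" says "using AI tools" twice; drop one. Other wording in the same hunk: "occurences" should be "occurrences", "open source software is hit first being the most accessible" needs a comma before "being", and "whether the research teams also go for fame and visibility or maybe have other prevalent incentives" would read better as "or are driven by other incentives". In the `## Thanks` hunk the new acknowledgement line is inserted directly above the pre-existing "reliable work no handling the issues"; since the hunk already touches that paragraph, fix "no handling" to "on handling" here. For the third patch's hunk ("AppArmor preventing unprivileged user namespaces (ubuntu) also helps"), the text does not say which step of the Fragnesia attack needs an unprivileged user namespace; one clause explaining that (presumably obtaining the network capabilities needed to set up the affected state in a fresh namespace) would let readers on non-Ubuntu distributions apply the generic equivalent, `user.max_user_namespaces=0`, with understanding rather than by analogy. "ubuntu" should be "Ubuntu" and "Alma Linux" is "AlmaLinux"; the test kernel mentioned ("published a fixed kernel anyhow (for testing)") should carry a link so readers can find it.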
From 8deba6218296fab5e53be180a5bdb840810376b8 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Fri, 15 May 2026 19:58:54 +0200 Subject: [PATCH 4/4] markdownlint improvements. Signed-off-by: Kurt Garloff --- blog/2026-05-10-kernel-root-exploits.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/blog/2026-05-10-kernel-root-exploits.md b/blog/2026-05-10-kernel-root-exploits.md index 07a6e76a5e..688951d6eb 100644 --- a/blog/2026-05-10-kernel-root-exploits.md +++ b/blog/2026-05-10-kernel-root-exploits.md @@ -81,15 +81,15 @@ _Exploiting these vulnerabilities requires access to the system and the ability to execute code there, thus the categorization as Local Privilege Escalation (LPE), not Remote Code Execution (RCE)._ -## Update 2026-05-13: Fragnesia +## Update 2026-05-13: Fragnesia Yet another network fragment handling issue which fails to properly prevent in-place en/decryption which can be made to hit sensitive page cache contents that was put there with splice has been discovered with -{Fragnesia](https://www.openwall.com/lists/oss-security/2026/05/13/3). +[Fragnesia](https://www.openwall.com/lists/oss-security/2026/05/13/3). It's a simple logic error where the sharing property is forgotten in buffer coalescing. It has gotten CVE-2026-46300. - + ## Update 2026-05-15: ssh-keysaign-pwn This LPE is unrelated to the others; under certain circumstances, the kernel @@ -269,7 +269,7 @@ relevant modules. ## Outlook -The density with which severe issues are currently found is notable. While the +The density with which severe issues are currently found is notable. While the research in the referenced issues originated from human beings being suspicious that certain things were not handled correctly everywhere, they were assisted by AI tools in the search. This pattern is likely to turn up a relevant number 
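Review bot: the markdownlint patch fixes the `{Fragnesia]` link bracket and strips trailing whitespace from the `## Update 2026-05-13: Fragnesia` heading, but the heading two lines below it still reads `## Update 2026-05-15: ssh-keysaign-pwn` (visible as a context line in this hunk); since the hunk already edits this region, fix the heading to `ssh-keysign-pwn` to match the link text and the changelog entry. The whitespace-only changes are fine as they are.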
@@ -283,7 +283,7 @@ that gave defenders some headway against attackers. One reason is that once a pattern emerges, several teams compete for speed to find related issues and decide in favor of disclosing before someone else finds it also. Another reason is that there are people that now use AI tools to analyze merged bugfixes -to the kernel using AI tools -- the fact that they are not flagged as security +to the kernel using AI tools - the fact that they are not flagged as security issues no longer is a good cover. So software distributors need to expect more of these occurences where they are struggling to patch software, validate the fixes and ship to customers before large-scale attacks happen. Operators will @@ -299,7 +299,7 @@ is an open question. The authors would like to thank Taeyang Lee at Xint (who initiated the research on copy.fail) and Hyunwoo Kim (@v4bel, who discovered Dirty Frag). -Update 2026-05-15: They would also like to acknowledge William Bowling (V12) for Fragnesia +Update 2026-05-15: They would also like to acknowledge William Bowling (V12) for Fragnesia and Jann Horn and Qualys for ssh-keysign-pwn. They would also like to thank the upstream Linux kernel maintainers and Linux distributors for their reliable work no handling the issues and
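Review bot: replacing `--` with `-` in "to the kernel using AI tools - the fact that they are not flagged" changes punctuation but leaves the duplicated "using AI tools" in that sentence and "occurences" two lines below it; both belong in a wording-fix pass. In the `## Thanks` hunk, "reliable work no handling the issues" is still "no handling" in the context lines; it should be "on handling", and the hunk already touches the line above it.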