Hi, I'm _SiCk (afflicted.sh, 0xdeadbeefnetwork on GitHub).
The May 7 LWN piece on "Dirty Frag" raises the question of how the bug surfaced before Hyunwoo Kim's May 12 coordinated disclosure.
At least one of the public artifacts in circulation — my "Copy Fail 2: Electric Boogaloo" repo — is an n-day built from the public netdev fix commit, not a break from inside the embargo.
Timeline on my end: - Steffen Klassert's fix landed publicly on netdev/net.git as commit f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4.
Brad Spengler (@spendergrsec) publicly called the commit copyfail-class. - I read the commit, recognized the xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW path against shared pipe pages as an LPE primitive, and built a PoC.
- Published to GitHub and afflicted.sh on May 7. The repo credits Kim and Chen (discovery, upstream fix), Klassert (maintainer fix), Spengler (public call-out), and Theori/Xint (original Copy Fail, CVE-2026-31431) directly in the README.
I had no contact with anyone on the linux-distros embargo, no awareness of the May 12 disclosure date, and no access to Kim's write-up or PoC. The work is n-day weaponization from a public upstream commit, which is standard practice once a security-relevant fix lands in a public tree. Flagging this so parallel n-day work isn't characterized as a leak from inside the coordinated process.
Happy to confirm timeline details if useful. Copy_Fail2-Electric_Boogaloo Write-up: https://afflicted.sh/blog/posts/copy-fail-2.html https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4My sincere apologies to Hyunwoo Kim It was not my intent to undermine his work.
(_SiCk) afflicted.sh
OpenPGP_0xD5BCDCDE32B7C59F.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
