SiCk <[email protected]> writes:

> Hi, I'm _SiCk (afflicted.sh, 0xdeadbeefnetwork on GitHub).
>
> The May 7 LWN piece on "Dirty Frag" raises the question of how the bug
> surfaced before Hyunwoo Kim's May 12 coordinated disclosure.
>
> At least one of the public artifacts in circulation — my "Copy Fail 2:
> Electric Boogaloo" repo — is an n-day built from the public netdev fix
> commit, not a break from inside the embargo.
>
> Timeline on my end:
> - Steffen Klassert's fix landed publicly on netdev/net.git as commit
>   f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4.
>   Brad Spengler (@spendergrsec) publicly called the commit copyfail-class.
> - I read the commit, recognized the xfrm ESP-in-UDP MSG_SPLICE_PAGES
>   no-COW path against shared pipe pages as an LPE primitive, and built
>   a PoC.
> - Published to GitHub and afflicted.sh on May 7. The repo credits Kim and
>   Chen (discovery, upstream fix), Klassert (maintainer fix), Spengler
>   (public call-out), and Theori/Xint (original Copy Fail, CVE-2026-31431)
>   directly in the README.
>
> I had no contact with anyone on the linux-distros embargo, no awareness of
> the May 12 disclosure date, and no access to Kim's write-up or PoC. The
> work is n-day weaponization from a public upstream commit, which is
> standard practice once a security-relevant fix lands in a public tree.
> Flagging this so parallel n-day work isn't characterized as a leak from
> inside the coordinated process.

Thank you for stating this clearly. I've seen a few people confused by
this and it's important to correct the record.

It's also important because it tells us a lot about how folks are
quickly going from fixes -> exploits.

> [...]

sam
