Yeah I tested CopyFail. It's real. Yikes.
https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342
Discussion
Replies:
12
@mttaggart I'm confused by the mitigation step. "disable the algif_aead module" but does this actually prevent the vulnerability? What about systems that don't have that module loaded or compiled in?
@weyoun6 Then you're solid.
This post has the best details about mitigations I've seen:
@mttaggart The exploit does not work on my Slackware 15.0 systems with a 5.15.93 kernel.
@mttaggart typical bros wanting to get noticed - it's irresponsible to disclose like this.
@mttaggart I love the beauty and simplicity of this exploit
![Robert [KJ5ELX] :donor:](https://media.infosec.exchange/infosec.exchange/accounts/avatars/115/833/042/784/456/710/original/6c4929fda05c7451.gif "Robert [KJ5ELX] :donor:")
@mttaggart It also works on WSL.
@mttaggart Debian 13 still vulnerable with 6.12.74
@mttaggart Can't privesc me if I always run as root!
