Skip to content

Fix/lpe typos #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
garloff merged 2 commits into from
May 12, 2026
+6 −3
Merged

Fix/lpe typos #370

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dc716a1
Fix two typos.
garloff May 10, 2026
cd36565
Update information on stable kernels.
garloff May 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions blog/2026-05-10-kernel-root-exploits.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,12 +124,14 @@ The fixes for Dirty Frag are still in development as of May 8. The first fixes
have been merged upstream and released in 7.0.5, 6.18.28, 6.12.87, 6.6.138,
6.1.172, 5.15.206 and 5.10.255 but there is
[more to come for rxrpc](https://lwn.net/ml/all/2026050859-ahead-anchovy-05e2@gregkh/).
Update 2026-05-11: 7.0.6 and 6.18.29 contain this last patch, older kernels don't need it.
The responsible disclosure process for Dirty Frag unfortunately failed due to the
[patches being spotted](https://www.openwall.com/lists/oss-security/2026/05/07/12),
so the upstream maintainers and the distributors this time did not have time
to carefully prepare and test fixes ahead of the publication of the issue.
So we have to expect that it will take a few days until all Linux distributor
manage to ship tested fixed kernels.
manage to ship tested fixed kernels. Alma Linux has done so already, others are
expected to follow soon.

A fully effective workaround is again to prevent loading the affected modules
by placing another file `dirtyfrag.conf` in `/etc/modprobe.d/`:
Expand Down Expand Up @@ -211,7 +213,7 @@ key or to use a tool like kubectl-node-shell with the appropriate
privileges.

```bash
for node in $(kubectl get nodes | grep -v '^NAME' | awk '{print $1;}') do;
for node in $(kubectl get nodes | grep -v '^NAME' | awk '{print $1;}'); do
kubectl node_shell "$node" -- bash -c 'echo -e "# Temporarily disable algif_aead (copy.fail)\ninstall algif_aead /bin/false" > /etc/modprobe.d/disable-aead-copyfail.conf'
kubectl node_shell "$node" -- bash -c 'echo -e "# Temporarily disable esp4, esp6, rxrpc (Dirty Frag)\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false" > /etc/modprobe.d/disable-esp46-rxrpc-dirtyfrag.conf'
done
Expand Down Expand Up @@ -254,3 +256,4 @@ SCS security contact is [security@scs.community](mailto:security@scs.community),
- kubectl node-shell instructions, v0.2, 2026-05-09, 12:45 CEST.
- Mention succssful patching of community infra, v0.3, 2026-05-09, 13:30 CEST.
- Correct facts on the failure of the responsible disclosure. Release as v1.0, 2026-05-09, 20:00 CEST.
- Update on final rxrpc fix in stable kernels. v1.1, 2026-05-12, 08:45 CEST.
2 changes: 1 addition & 1 deletion community/tools/zuul.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Note: This needs to be updated!
- the merge-mode which should be used to auto-merge
- the jobs to run in each pipeline (gh_check, gh_gate, gh_post, gh_tag)
- these [pipelines](https://github.com/SovereignCloudStack/zuul-config/blob/main/zuul.d/) are triggered by events
- ihere are [some default jobs](https://opendev.org/zuul/zuul-jobs/src/branch/master/playbooks)
- here are [some default jobs](https://opendev.org/zuul/zuul-jobs/src/branch/master/playbooks)
- If you have _self-defined_ jobs, you need to create a folder _.playbooks_
- this folder containers ansible playbooks which will be triggered

Expand Down
Loading