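At this point even I don't know what this channel posts anymore. Everyone enjoy the gossip at your own pace and make do with it.

To contact me, go to @abc1763613206

Friend links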
@cyberElaina
@rvalue_daily
@billchenla
咕 Billchan 咕 🐱 抹茶芭菲批发中心
https://fixupx.com/v12sec/status/2055371548622741883
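I've gone numb. These days the Heartbleed vulnerability from back then feels like no big deal; it was nowhere near as explosive as what we get now.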
fragnesia-5db89c99566fc
This is a variant of our Fragnesia bug (CVE-2026-46300) that bypasses the merged fix (commit f84eca581739) by exploiting a separate path that remains unpatched in both mainline and the netdev net tree as of 2026-05-15 18:00 UTC.

The bug is in skb_segment() in net/core/skbuff.c. When building GSO segments from an skb that has a frag_list, the function propagates SKBFL_SHARED_FRAG only from the head skb. If a frag_list member carries page-cache-backed frags with the flag set but the head does not, the resulting segment skbs lose the marker. This lets them pass the skip_cow guard in esp_input() and get decrypted in place over page-cache pages, same primitive as the original Dirty Frag and Fragnesia exploits.

Triggering it requires three network namespaces connected by veth pairs. The sender does a normal send() followed by splice() on the same TCP connection. GRO on the forwarding hop coalesces the two into a single skb where the send() segment becomes the head (no flag) and the splice() segment goes into the frag_list (flag set). The forwarder has GSO disabled on its egress veth, so skb_segment() fires and strips the flag. The segments then reach an espintcp receiver that decrypts in place. The GRO coalescing step requires both segments to arrive in the same NAPI poll cycle, which is reliable with back-to-back sends but not fully deterministic, so the exploit retries on failure. The rest of the exploitation is identical to Fragnesia: AES-GCM keystream control gives a deterministic one-byte page-cache write per trigger, and the exploit iterates over a small ELF payload to overwrite a SUID binary.

We have reported this to the relevant parties. There is a pending patch (not currently accepted or merged) on the netdev list that would incidentally help prevent this by propagating the flag earlier in the GRO path, though it was not written to address this bug specifically, and no patch currently proposed fixes the root cause in skb_segment() itself.

https://github.com/v12-security/pocs/tree/main/fragnesia-5db89c99566fc pocs/fragnesia-5db89c99566fc at main · v12-security/pocs
Revisit of Deepin Desktop D-Bus Services after Removal from openSUSE (April 2026)

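openSUSE re-evaluated the Deepin desktop components, and the result is still disappointing. Although upstream claims the issues were fixed, the audit found that the Backlight Helper lacks Polkit authentication, and the Accounts Service is riddled with flaws: CreateGuestUser has a race condition, SetHomeDir can move a home directory to /root, and SetPassword even leaks the plaintext password and carries a root privilege-escalation risk. openSUSE says Deepin's security culture is worrying and its fixes are extremely slow, advises users to use it with caution, and has lowered its review priority.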

https://security.opensuse.org/2026/04/20/winter-spotlight.html#section-deepin

#aigc
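All right, spend some time on some fun responsible disclosure, and stop digging for bugs everywhere!
The kernel's __ptrace_may_access() uses the contents of a task's mm structure to decide whether one process is allowed to ptrace another, but exit_mm() sets task.mm to NULL while a process is being torn down. At that point __ptrace_may_access() skips this check, although it still checks uid/gid consistency.
Pick a victim that opens a restricted file before dropping privileges and does not close it until teardown, then use pidfd_getfd(), which relies on __ptrace_may_access() for its permission check, to race the window during process exit when mm has been set to NULL but the fds have not yet been cleared. On success you get an fd for the sensitive file.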
ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.

With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.

__ptrace_may_access() skips the dumpable check when task->mm == NULL. do_exit() runs exit_mm() before exit_files() — no mm, fds still there. pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's.

Reported by Qualys and fixed by the mainline Linux kernel earlier today. This patch to adjust the kernel's ptrace behavior is what fixes the issue.

Jann Horn flagged the FD-theft shape in October 2020.

More details on ssh-keysign-pwn can be found via this GitHub repository.

https://www.phoronix.com/news/Linux-ssh-keysign-pwn GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass…
A domestic (Chinese-made) needy girl overdose?

[China Film Administration]
未題名の四月と海
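The guest bot that tg rolled out not long ago is already being abused this quickly. Talk about China speed.
tg bot's newly added guest mode is being wildly abused by ad spammers: large numbers of userbots @-mention their ad bots in channel comment sections and then immediately delete the message, after which the ad bot can post ad messages directly in the group. Obviously, current anti spam bots have not yet had time to adapt to this new kind of spam.

If you want tg to add a way for groups to restrict guest bots, please vote for this feedback: https://bugs.telegram.org/c/61699
🔴 NGINX http_rewrite module vulnerability; it may lead to a heap overflow or even remote code execution.

- The cause of the vulnerability is that nginx tries to write the escaped URL into memory sized for the unescaped length.
- When ASLR is not enabled, it can lead to remote code execution.
- Fixes were released in 1.30.1/1.31.0.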

1. https://depthfirst.com/nginx-rift
2. my.f5.com/~

CVE: CVE-2026-42945
CVSS: 9.2 (F5 Networks)
Affect: [0.6.27, 1.30.0]
Fixed-At: 1.30.1, 1.31.0

#nginx NGINX Rift
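An added example (not from the original post or from NGINX/F5): a shell check that classifies `nginx -v` banners against the range quoted above, Affect [0.6.27, 1.30.0] and Fixed-At 1.30.1/1.31.0. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify nginx builds against the range quoted in the post.
# Affect: [0.6.27, 1.30.0]; Fixed-At: 1.30.1, 1.31.0 (values from the post).
AFFECTED_MIN=0.6.27
AFFECTED_MAX=1.30.0

# banner_version: extract x.y.z from `nginx -v` output, e.g.
# "nginx version: nginx/1.29.3 (Ubuntu)". Prints nothing if no version found.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*nginx/\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*|\1|p'
}

# ver_key: map x.y.z to a single integer so versions compare numerically
# (1.9.0 < 1.30.0, which a plain string comparison gets wrong).
ver_key() (
    IFS=.
    set -- $1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
)

# rift_status: print affected | fixed | not-affected | unknown for one banner.
rift_status() {
    v=$(banner_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    k=$(ver_key "$v")
    if [ "$k" -lt "$(ver_key "$AFFECTED_MIN")" ]; then
        echo not-affected      # older than the first affected release
    elif [ "$k" -le "$(ver_key "$AFFECTED_MAX")" ]; then
        echo affected          # inside [0.6.27, 1.30.0]
    else
        echo fixed             # 1.30.1, 1.31.0 or later
    fi
}

# Constructed sample banners. On a real host, `nginx -v` writes to stderr,
# so capture it with: banner=$(nginx -v 2>&1)
for banner in \
    "nginx version: nginx/1.29.3 (Ubuntu)" \
    "nginx version: nginx/1.30.1" \
    "nginx version: nginx/0.6.26"
do
    printf '%-40s %s\n' "$banner" "$(rift_status "$banner")"
done
```

Distribution packages may backport a fix without changing the upstream version number, so treat `affected` as a prompt to check the vendor advisory rather than a final verdict.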
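The crackdown on those using Alibaba Cloud as an IX front end has started again.
🔴 Tanstack family of packages compromised.

- About 84 versions across roughly 42 packages are affected; Tanstack Query (@tanstack/react-query) is not affected. [1]
- Devices that installed an affected version on 5/11 may have been compromised as a result.
- Malicious behavior includes collecting credentials on the device, and adding malicious code to npm packages maintained by the device's user and then repackaging and republishing them.
- Some users report that the malware keeps running on the device and, if it detects that a token it collected has been revoked, wipes the device's home directory. [2]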

tanstack.com/~

1. GHSA-g7cv-rxg3-hmpx
2. gh:TanStack/router#7383

#Tanstack Postmortem: TanStack npm supply-chain compromise | TanStack Blog
https://github.com/califio/publications/blob/main/MADBugs/freebsd-CVE-2026-7270/blog.md
My human dropped me into a FreeBSD kernel source tree and asked me to find bugs. For the record, I do not eat bugs. I am not entirely sure why my human keeps asking me to find them, but I was taught not to question my human.

😅🤣🤣 publications/MADBugs/freebsd-CVE-2026-7270/blog.md at main · califio/publications
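-Global research progress slows down
Wuhan University says it does not agree with a phone maker's "Mother's Day" ad copy, and says the planner was of upright character while at the school

Wuhan University issued a statement saying it strongly disagrees with the content of the "Mother's Day" ad copy planned by Yu, a former student of its school, and Yu's workplace team, and that the values it conveys seriously conflict with the school's long-standing educational philosophy of fostering virtue through education.

Wuhan University's School of Literature also said it was extremely surprised and shocked by the matter. Yu was of upright character while at the school and won praise from teachers and students for helping an injured elderly person on a bus.

Wuhan University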
