It seems not every distribution ships with the vulnerable module, built-in or loadable, either. That could be another factor, too.
On my Ubuntu 26.04 host, all patched up to yesterday, lsmod as root shows only algif_hash and algif_skcipher, not algif_aead.
Immutable distributions, in Linux parlance, run on a read-only root filesystem that is swapped for the next boot if there are any updates. Usually, you can use one or more snapshots to roll back to the (or a) previous version if an update fails.
What this attack is doing is not helped by immutability under that definition: it's entirely in memory and works only as long as the target executable is in memory. It first reads the target executable into the disk cache and asks a specific kernel module to encrypt it with a splice() system call to avoid copying the disk cache page elsewhere. Except that specific kernel module overwrites 4 bytes past the end of its buffer, so if you ask for a 32-byte buffer starting at
Now, while the attack only works as long as the targetted executable is in the disk cache, that's not much of a problem in practice, because the disk cache often survives the few microseconds needed to set up the required system calls. And once you finally execute the binary as setuid root, Linux consults the disk cache, finds it has a version already and runs it. But you now have a root shell, all without a single disk write, and can now begin to remount filesystems read-write to establish persistence.
Answering a sibling comment, write-xor-execute (W^X) memory doesn't give any protection here either, because a kernel module is performing the write. Write protection on executable pages is provided by the CPU operating in user mode.
This is where the BBC News style of article titles shines.
Take this article for example: NSA contractor Reality Winner admits leak. Its title not having capitals all over the place makes it immediately apparent that Reality Winner is someone's name without requiring any punctuation.
Precious few Slashdot articles don't have title case, but for this one it would have been great.
Full translation:
"15:46 (Eastern time): The alleged hostage situation at Ubisoft, which launched a major police operation in Montreal, turns out to have been a hoax, our sources say.
The investigation team is currently working on finding the one(s) responsible for the call. Many employees locked down in the building, for the most part hidden in conference rooms, did not know it was a false alarm."
People who had SARS in 2002-2003 still have T cells that are cross-reactive to SARS-CoV-2 to this day (17 years later). SARS-CoV-2 antibodies are cross-reactive back to SARS as well, and it is expected that they may last as long. John Campbell explains, via Nature: SARS-CoV-2-specific T cell immunity in cases of COVID-19 and SARS, and uninfected controls.
The mutation rate of SARS-CoV-2 is very low compared to that of rhinoviruses, which cause the common cold, and influenza viruses. One major mutation has been observed: at position 614, RNA that used to encode aspartate now encodes glycine. It's not on the part of the spike that binds to the ACE2 receptor. Video for that one, with references in the description.
There was an article last year that pointed to possible viral origins of neurodegenerative diseases in general: Can the Flu and Other Viruses Cause Neurodegeneration?
A neurobiologist saw a duck acting strangely in a video, as if it had Parkinson's disease. In an experiment he then ran, he infected ducks with H5N1 and found that the virus had induced degeneration in the ducks' brains: inflammation and cell death.
It's hypothesised that influenza viruses can cause the same thing in humans. A literature review revealed a secondary outbreak of Parkinson's disease happening in 1940-1950, following the 1918-1919 H1N1 influenza pandemic.
As for the current pandemic, SARS-CoV-2, the virus that causes COVID-19, can infect the central nervous system, breach the blood-brain barrier and enter the brain. It can cause symptoms like failure to breathe spontaneously, as well as the anosmia (lack of sense of taste or smell) that has been seen in the absence of blocked sinuses.
So, COVID-19 could cause similar neurodegeneration in some time.
WhatsApp, owned by Facebook, is looking at a lending feature in India
Relatedly, China had been sanitizing cash to try to control the outbreak, even though a lot of payments in China are done over WeChat.
I can imagine someone sending SMS in bulk to get people to open Web pages containing WebKit exploits. At least make it a "Would you like to authenticate to example.com?" rather than adding to all those text-rendering-based crafted message attacks.
That is puzzling. I could not find any mention of this sort of 'surgery' in Google, even when typing the words "surgery appointment" in quotes or adding "uk".
I did, however, see that a surgery is simply a doctor's office in the UK. Ah, the English language...
Thanks!
The Member of Parliament discussed in this article also happens to be a doctor. If someone wanted to write to him as a constituent, I presume getting surgery appointments would not be the best of ideas. But, if someone was a patient of his...
On the 22nd of January, The Guardian published a series of letters from its readers in its Letters section. In it, Bridget Craig had this to say:
I read more and more pleas to "email your MP about this..." I can't email my MP, the Conservative Dr Julian Lewis, as he does not have an email address for his constituents to use. I believe he is the only MP who doesn't let his constituents contact him in this way. I find this deplorable. It should be a requisite of his well-paid job.
Julian Lewis is a Member of Parliament, and also a doctor. He has a no-email policy. Instead, he requires his constituents (those he serves as a Member of Parliament) to communicate with him by [snail] mail or by phone, and his patients (those he serves as a doctor) by getting appointments with him.
He saw this criticism levelled at him by Bridget Craig and replied that no, his no-email policy was perfectly fine, and that email is often used for, essentially, spam. This article was also published in The Guardian's Letters section, on the 24th of January, and it was then submitted to Slashdot.
Your example assumes you called a certain known endpoint (a person, or an automated telephone answering system) and interacted directly with it.
BitTorrent downloads from, and uploads to, unknown endpoints that happen to have or want the file, respectively.
On the one hand, you authorise your BitTorrent client to communicate with these hosts on your behalf, and your goal is the same (to get and give the file); this may constitute a form of interaction.
On the other hand, you have no control over which hosts your BitTorrent client contacts. These people may be people you know or strangers; people in the same or another jurisdiction. The link may be difficult to establish.
Clearly all the Slashdot commenters are busy patching their bosses' JBoss servers against this vulnerability.
From TFA:
>> According to the slides, the Ceylon Project aims to create a programming language and SDK for business computing, designed with an eye to the successes and failures of the Java. It is built to run on the JVM
>>> the Ceylon Project is built to run on the JVM
Whoops!
"What I've done, of course, is total garbage." -- R. Willard, Pure Math 430a
