From: Greg Kroah-Hartman <gregkh@kernel.org>
To: Massimiliano Pellizzer <mpellizzer.dev@gmail.com>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags
Date: Fri, 8 May 2026 12:52:49 +0200
Message-ID: <2026050827-smudge-sleet-17c0@gregkh>
In-Reply-To: <2026050832-size-scribing-666b@gregkh>

On Fri, May 08, 2026 at 12:09:58PM +0200, Greg Kroah-Hartman wrote:
> On Fri, May 08, 2026 at 10:57:05AM +0200, Massimiliano Pellizzer wrote:
> > On Fri, May 8, 2026 at 9:24 AM Greg Kroah-Hartman
> > I tested the publicly available exploit against the stable kernel 5.15.204.
> > That stable branch is affected too.
> >
> > ```
> > $ ./run.sh
> > === Stage 1 — overwrite 'systemd-timesync' line (89 bytes) with
> > 'sick::0:0:<pad>:/:/bin/bash'
> > === Stage 2 — verify
> > sick::0:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:/:/bin/bash
> > === Stage 3 — su - sick (empty password via PAM nullok)
> > [i] state saved to /var/tmp/.cf2.state — run './run.sh --clean' to revert
> > # whoami
> > root
> > # uname -r
> > 5.15.204
> > ```
> >
>
> Yes, patches for that are being worked on right now, give me a chance to
> get some lunch :)

Updates are now out for the other supported stable versions, and the CVE
entry is updated on cve.org.

thanks,

greg k-h

Thread overview: 6+ messages
[not found] <2026050856-CVE-2026-43284-6598@gregkh>
2026-05-08 8:57 ` CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags Massimiliano Pellizzer
2026-05-08 10:09 ` Greg Kroah-Hartman
2026-05-08 10:52 ` Greg Kroah-Hartman [this message]
2026-05-09 10:40 ` Tomasz Figa
2026-05-10 15:31 ` Massimiliano Pellizzer
2026-05-11 15:39 ` Tomasz Figa