Windows won again today.
What happened? I'm an eternal Windowschad.
Already patched.https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
>>108754996A bunch of nothing.Basically some dumb fuck writing kernel code decided to reuse a buffer instead of a separate one and that allows a regular user to load a setuid binary (like su) into memory, overwrite portions of the copy in memory and then run that copy in memory and then you get root.
>>108755049>A bunch of nothing.It was a root exploit (privilege escalation). Linux needs talented programmers and security pros, not mindless cheerleaders. These things occur in every OS, and then it's a question of how quickly they can release a patch.
>>108754992Wait did MS patch the Windows Defender CVE and the Bluehammer exploit?
claude would never
By the way, this was fixed in upstream quickly and almost every vendor ignored it. Fedora and Arch patched it (I believe). RHEL did not lol, what are they even paid for?
>>108755134>https://xint.io/blog/copy-fail-linux-distributions>This finding was AI-assistedwell well
>>108755049>nsa-inserted backdoor>nothing
>>108755130It was patched in April. Still took too long though.
>>108755135to not fix it
>>108754992windows had this the same day copy fail was released.
>>108755119And it was patched.
>>108755349Upstream were quick, the downstream vendors were absolutely slow. I’m sure “commercial” linux has been just as jeeted these days as every other tech company.
>>108755360well, the person who found it decided to prioritize selling their product over following normal procedures. that was the real issue. there was no communication with distros, at all.
>>108755373The kernel devs stance on a situation like this has always been to assume that every kernel bug is potentially a security bug, which is why I think distros that only update their shit whenever someone tells them there's a newly discovered exploitable bug is shit and should be avoided.
>>108754992local userhave access to all data at own pc alreadycall exploitsince apple or google will fail in locking you out
>>108755139at what degree tho? asking an llm a question could also be considered "AI-assisted"
>>108754992>Fireshipkys
>>108755149InterestingCan some schizo track the person who originally did that commit and verify if he glows in the dark or not? I would like to know if it was an accident or deliberate
>>108754992>bytesa youtuber fit for op to watch
>>108754992did anyone test the exploit through wsl?
>>108754992>you can achieve root on a machine where you can run arbitrary codewhoa
>>108754992What distro
>>108755119>talented programmersThey are all dead
>>108757255do it yourself nerd none of use write code or use git
>>108754992>every machineBut I haven't updated in months
>>108754992>Windows won again today.Windows has new privilege escalation bugs every day with dozens being exploited in the wild at any given moment. Nobody assumes Windows ever is safe against this type exploit, so none of it ever makes the news. Unlike with Linux where complete security is the assumed default state of matters.
>>108754992I like this timeline of Windows being the underdog to Linux. Hope MS kicks it into high gear
>>108757240what level of jeet cope is this
>>108759677>Unlike with Linux where complete security is the assumed default state of matters.lolit's better than windows but no anon.
>>108754992Linux losers are the worst cess pit and epitome of a life wasted.Total windows domination
>>108755349it existed for 7 years, who knows how many got pozzed during that time
>>108757245you first tourist
>>108754992I have an old kernel that is affected. I tried to run the exploit and I have the error "OSError: [Errno 97] Address family not supported by protocol". I know that /g/ is not my tech support, but maybe somebody can help me run this exploit? I just want to check that it indeed works.
>>108757535Actually it's very serious because many of us use some proprietary software (that we can't avoid) isolated as a separate user, thinking that there's no exploit that allows it to get root.
>>108764304you already proved it doesn't work retard
>>108759677I want to release in her mouth.
Why are windowsfags so obsessed with this lately?
can it be used to gain root on android??
>>108755119different system then corpo jorpo sorry not installing industry garbage tied to a company that values investor statisfaction over user statisfactio
>>108764614No, Android doesn't use the af_alg module.
>>108764636 sad!
>>108763055Basically nobody.
vmmmmm lads my phone is vulnerable and it's EOL??? tf do i do
>>108764853what phone is that?
>>108764930old pixel
Wasn't there an exploit for Windows just the other day for getting SYSTEM privileges?
>>108755220based Russian spies BTFOing proprietary zogbot ware.
>9 years old exploitjesus christ
>>1087649749 year old bug.The exploit is only a few weeks old.
So we can now root every Android phone, right?If not, then its bullshit, if yes, that's great.No matter what, its a win.
>>108757255https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=72548b093ee3Stephan Mueller chronox.deHe did work for German feds at times and he is involved in VeraCrypt as well.
>>108764329that wouldn't've'st happened if everything was contenerized and managed by systemd
>>108765033>33c-check'd
>>108764987 see >>108755149
>>108767594>>108767594Aids
>>108765033on the other hand he's also german so he was probably just trying to do things in a stupid and complicated way for funsies
>>108764595They are desperate for a win against Linubermensch
>>108755119why the fuck someone would have user access to being with? its just a nothing burger
>>108765033>VeraCryptthat's spooky
>>108754992This post is nearly 4 days old with 61 replies, this dogshit site is deader than stack overflow
>>108771361The exploit is serious.But since its the local Winjeet spamer, paired with a youtube thumbnail screencap, nobody cares about it. Everybody sees it as just yet another mentally ill spam thread and moves on.I find it interesting that this isn't causing more drama. It's the most interesting aspect of it. It makes me wonder if it is a glowfag backdoor that got discovered here.
>>108769645Because it's a webserver, that runs under its own user for isolation, and some idiot fucked up a CGI script.
>>108769645somebody who wants user access will often get user accessdue to >>108772109
>>108755149>privilege escalation>backdoorRetard-kun.
>>108772241Combine it with the cue RCE from Gnome and it means that every single RHEL corpo machine between 2017 and 2023 (Microsoft Azure hack) could get taken over completely by sending an email. No need for the user to open or even click on anything.
>>108772319And both of those exploits had an eerie silence to them.Meanwhile the xz backdoor, that affected absolutely noone, got popularized.
