Copy Fail - High Severity Vulnerability - CVE-2026-31431

Are all the LTS kernels, 6.18/6.12/6.6 also patched?

This was posted 7 posts above. I do not use the LTS kernel.

I wonder if all this flurry of fixes is because of Anthropic's Mythos?

If I haven’t misunderstood this, the Copy Fail vulnerability was apparently discovered by an LLM.

I'm not sure what LLMs underpin their technology.

We, as in SW devs, are slowly getting replaced by these AI agents. We are doomed.
:man_zombie:

This video is highly exaggerated from my point of view. Not "all Linux PCs or all Linux servers on planet earth" are at risk from the exploit. A manipulated website is not enough to exploit this vulnerability. There is no remote exploit.

The exploit needs a local user account, and the exploit needs to be executed by this user, which means the user has to be logged in, either via the terminal or via ssh. This account + login requirement will make the majority of Linux PCs / servers invulnerable to the exploit.

Yeah, but you know, never let facts get in the way of a good headline…

Next you’ll tell me Samtime is exaggerated too, and then I’ll have nowhere to get my news from :sweat_smile:

Suggesting that every Linux system is at “risk” though is not unreasonable. You’re correct that the attacker would need to have user level access to the system already, but that’s not unimaginable.

Back-doors in applications are real, even when not intended. We've seen it in the open-source world, and who knows what's floating around in closed source. What this vulnerability allowed from that stepping point was trivial privilege escalation to full system control, potentially to a remote attacker exploiting other vulnerabilities.

A remote attack is rarely exploiting a single flaw.

If this "copy fail" vulnerability needs a backdoor in another application to become a real threat, my complaint about the wording in these videos is even more justified from my point of view.

I mean, it's The Code Report. I'm not sure how familiar you are with the channel, but it's heavy-handed on the humour and exaggeration, hence my nod to Samtime, which is of a similar vein. One should not take it all very literally, failing to sift the fact from the fun.

On most episodes, he’s demonstrating various coding tools so he can finally finish his failed side project, “Horse Tinder”. It’s ridiculous, but intentionally so :sweat_smile:

Whether or not you consider Copy Fail serious, well, you're free to say, of course. It is formally classified as "High Severity", so make of that what you will :man_shrugging:

OK. I had no clue. Maybe I am exaggerating here :wink:

Not all, but you never know; something else alongside something like this could be very problematic, and it is better to stop that from ever being able to occur than to leave a vulnerability like this. An example I often use is a door: without a lock it can easily be opened, so you add a lock. Then you find out the lock can easily be manipulated. Do you take the risk of looking secure while you really aren't, or do you get a better lock so that it will actually be effective if someone tries to break it?

What if it is a valid user who is unwittingly executing innocuous commands, but those commands or libraries are infected?
Or it is a valid systemd timer that is being executed, which the user is unaware has a payload or a library that is infected?

With social engineering attacks, prompt injection attacks and other vectors on the rise, both scenarios are possible.

Thinking on it today, really any time you see a vulnerability that permits arbitrary code execution, that’s a vector for Copy Fail.

Vulnerabilities have been discovered in all sorts of applications that pull data from the Internet, like playing a playlist file from a music website for example. If the software pulling it is vulnerable to arbitrary code execution, a remote attacker could in theory gain root level access to that system via Copy Fail, and establish a backdoor using something like NAT traversing reverse-SSH, or just send themselves all the private keys stored in that user’s ~/.ssh folder without the user even realising it.

Yeah but it’s patched now, so all this speculation is really moot. I guess there could be some kernels that haven’t been patched, but they’re going to be older ones imo.

So the rule of thumb should be to restrict internet access using AppArmor/Firejail/SELinux or something equivalent?

But what if browsers like Firefox or email client Thunderbird/Kmail/etc or the new AI Agent clients like OpenClaw or apps like mpv are vulnerable? It is difficult if not impossible in such cases.

It was suggested that because it required local access, it wasn’t so serious. From an ongoing security perspective, I mention these possibilities so it’s hopefully clearer how a local vulnerability, perhaps one not yet discovered, could be exploited by a remote attacker.

Yeah something like Firejail would provide a limiting sandbox. It’s worth considering I think.

I suppose, in general, it's never as simple as "there's a vulnerability but it requires local access, so I'm alright". That doesn't just apply to kernel vulnerabilities, as some clever bastard could figure out how to use them in concert.

Looks like another LPE vulnerability has been discovered. It’s called Fragnesia.