Solved The third major Linux kernel flaw in two weeks has been found - thanks to AI


Borg 386

And yet again.....:rolleyes:

  • Another bad Linux kernel bug has appeared.
  • Fragnesia can give unauthorized users root powers.
  • More open-source security bugs are likely coming.

Linus's law, "Given enough eyeballs, all bugs are shallow," is fundamental to open source.

Unfortunately, thanks to AI bug-finding tools, such as Claude Mythos and OpenAI Daybreak, behind most of those eyeballs are AI engines, and they're proving to be much faster at finding security problems than human ones.

 

Yes, despite what some people say, AI is here to stay, and this will keep happening.

It's Internet 2.0.


AI will bring lots of good, and lots of bad.

Finding these flaws is good imho, as long as they are patched later. The bad news is cyber warfare will rise highly.
 

Good point, finding them is a good thing, but the downside is people using them maliciously.

And this is only the tip of the iceberg when it comes to AI. I see some possibly interesting times ahead for humanity as AI gains more of a foothold.

Here's an idea, they should let AI analyze Windows & see how many flaws it finds....:LOL:
 

They actually are. Google, Microsoft, Meta etc. and a bunch of other companies were given Mythos for free to scrape their code for errors, due to the concern of how effective it has already been in Firefox and other things. A lot of people thought it was just marketing at first, but due to the number of vulnerabilities, Anthropic was generally concerned and gave them access to the model without cost.

Microsoft statement on Mythos:

Anthropic: Project Glasswing

Also, Google Project Zero has already been doing this for quite some time, but with human vulnerability testers, not AI.

 

Well, I wish they would hurry up & use it a bit more. I'm tired of having to drape a rosary across my PC & say a prayer every time I apply patches. :LOL:
 

The real challenge of having AI is the average time to exploit after a patch is released. Defenders used to have 2-4 weeks or more to patch before threat actors had working exploits. AI can now develop a working PoC exploit in around 20 hours. Mythos isn't the only model that can do this. Many are publicly available. It puts stronger emphasis on doing the fundamentals of cyber security well and having good layered defenses so that patching doesn't become a company's Achilles heel.
 

Now all that's left is for Microsoft to use AI to test everything, find the bugs, and then release a Windows 11 V2 AI review edition without bugs and with tripled performance.
Then, who knows, maybe in 2040 that will happen?
 

Extremely well said, thank you
 

All 3 security flaws in the Linux kernel use the same/similar exploit but also need access to that system.

copy fail fix

dirty frag fix

fragnesia fix

The 7.0 kernel has already been patched for copyfail and dirtyfrag.
Fragnesia will be patched shortly, but fixes for all three are available.

These flaws in the kernel have been known for some time.
It's only now they have been made public that they are just starting to provide kernel patches.
Best of luck Steve ..
 

With such things available, properly using Responsible Disclosure becomes more critical than ever
 

7.1 Kernel already patched / fixed etc. As there are far more commercial cloud servers etc using Linux than Windows Server these things are usually fixed when they occur pretty quickly -- Windows commercial servers are often created as "Virtual servers" from Linux cloud systems.


Cheers
jimbo
 
