LUP 665: Patch Me If You Can

• Air Date: 2026-05-03
• Duration: 80 mins 41 secs

About this episode

We dig into the Copy Fail vulnerability and test a proof-of-concept against our own box. Plus, Jon Seager, VP of Engineering at Canonical joins us, and we kick off the BSD Challenge!

Your hosts

• Chris Fisher
• Wes Payne
• Brent Gervais
• Jon Seager

Sponsored by

• Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
• Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.

Episode links

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Copy Fail — CVE-2026-31431 — "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root." — Theori
• Copy Fail: 732 Bytes to Root - Xint — "A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017." — Xint
• Linux Kernel Bug Explained - Jorijn — "CopyFail is more portable. One script, every distro, no offsets. Dirty Pipe needed kernel ≥ 5.8; Copy Fail covers 2017–2026." — Jorijn"Kubernetes Pod Security Standards (Restricted) and default seccomp do NOT block the syscall used." — Jorijn
• Ars: Most Severe Linux Threat in Years — "The most severe Linux threat to surface in years catches the world flat-footed." — Ars Technica
• Sysdig: CVE-2026-31431 Analysis — "The flaw was introduced in 2017 via commit 72548b093ee3, which switched AEAD operations to in-place processing." — Sysdig
• CERT-EU Advisory
• Ubuntu Security Tracker
• The Register: Crypto Flaw
• Kernel Patch (reverts 2017 optimization) — "This mostly reverts commit 72548b093ee3 except for the copying of the associated data." — Kernel Commit
• Buggy Commit: 72548b093ee3 (2017)
• DeepWiki: AF_ALG Internals
• oss-security Disclosure
• PSA + GRUB Mitigation - Jan Wildeboer
• Ubuntu 26.04 LTS (Resolute Raccoon) Released — "Ubuntu 26.04 LTS sets the example for providing best-in-class resilience while simultaneously embracing innovation and the advancement of open source." — Jon Seager, VP Ubuntu Engineering
• The Future of AI in Ubuntu - Jon Seager — "Throughout 2026 we'll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values." — Jon Seager
• Ubuntu 26.04 Release Notes
• Ubuntu AI Features Throughout 2026 - Phoronix — "Canonical's approach to AI is refreshingly thoughtful — Microsoft should take note." — ZDNet
• Canonical DDoS Attack Update — "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." — arcticp, Canonical
• Ubuntu Weekly Newsletter #942
• Canonical AI Approach - ZDNet
• 9to5Linux: Opt-In LLM Tools
• uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils
• LINUX Unplugged 636: Engineering the Future
• LiveCD fails to start X session on QEMU · Issue #354 · ghostbsd/issues
• Monty's “rescue” drive NixOS config
• Magnolia Mayhem's BSD Challenge Report
• Pick: NASty — NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.
• Pick: Defuse — Defuse is a GTK4 application for removing image backgrounds locally.
• Defuse on Flathub

Tags

ai developer, ai in ubuntu, amd rocm, background removal, backup system, bcachefs, bcachefs nas, bsd challenge, bsd jails, canonical, canonical vp engineering, container escape, copy fail, cuda, cve-2026-31431, declarative configuration, defuse, freebsd, freebsd setup, frontier ai for ubuntu, ghostbsd, gnu coreutils, jon seager, jupiter broadcasting, kernel security, linux exploit, linux kernel vulnerability, linux podcast, linux unplugged, local llm, nas os, nasty, nixos, nixos nas, odroid, open source, page cache attack, patch sunday, python, rescue nix config, resolute raccoon, rust, rust coreutils, security, snaps, tpm-backed full disk encryption, ubuntu, ubuntu 26.04 lts, ubuntu engineering, ubuntu lts, uutils coreutils, ventoy, wayland, zfs, 🦝