Reproduced both https://github.com/V4bel/dirtyfrag and https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogalooon (with build-essential & git installed, the latter also needed libssl- dev). Reproduced it with both of those repos with ubuntu-26.04-desktop- amd64.iso running in an (isolated) x86-64 VM. I was also able to reproduce it with the latter repo on an aarch64 device (the aarch64 device was not stock Ubuntu and wasn't a stock Ubuntu kernel, though).
Rough steps: * sudo useradd --create-home demo * sudo passwd demo * sudo apt update && sudo apt install git build-essential (and possibly libssl-dev for the latter) * sudo su demo (or ssh demo@device) * Clone either repo for x86-64, or just the latter for aarch64 * (disconnect network from PVE if testing in a PVE VM, optionally) * Run the exploit -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2151831 Title: Dirty frag security vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/2151831/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
