ubuntu

59 Articles

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

May 8, 2026 by 14 Comments

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a new vulnerability in a RPC function which allows similar overwriting of the page cache.

Both vulnerabilities manipulate the Linux page cache where data from disk is stored for rapid access. The kernel will always prefer the cached version of a file, which means that anything that is able to manipulate the contents of the cache can effectively replace the contents of the file. Both of the vulnerabilities leverage a similar mechanism – picking a binary which is flagged to run as root, such as su, and replacing the contents that would prompt for the users password with a launcher to immediately run a shell.

Like CopyFail, DirtyFrag requires the ability to execute code on the target in the first place, but turning almost any code or command execution vulnerability in any network service into root raises the impact significantly, allowing an attacker to break out of containers and privilege environments, or establish a persistent presence in the system when the original vulnerabilities are discovered and closed.

The previous mitigations to block specific kernel modules related to CopyFail are not sufficient to block the new vulnerabilities. At the time of writing this, there are no available patches from the distributions, however the vulnerable kernel modules can be temporarily disabled.

CopyFail added to KEV

CISA (the United States cyber security agency) has added CopyFail to the KEV, or Known Exploited Vulnerabilities list. Attacks on the KEV have been observed under active exploitation, which in the case of CopyFail is hardly a surprise.

The KEV is designed as a tool to allow security teams in government and commercial industry to prioritize the highest risk vulnerabilities – or at least give another source of data to point at when you say “we really need to patch this now”.

Prolonged Ubuntu DDOS

On the heels of the CopyFail vulnerability impacting almost all distributions, Ubuntu has had to face a prolonged distributed denial-of-service (DDoS) attack against the main infrastructure. Ars Technica reported at the beginning of the attack, and after several days, services appear to be restored. In the meantime, core services such as package updates, core repositories, and even the Ubuntu and Canonical websites were largely unreachable.

An Iraqi group claims responsibility for the attack, but it is unclear if they were the actual perpetrators – or why. The timing with the CopyFail vulnerability seems like an opportune moment to cause chaos by taking the update mechanisms of a major distribution offline, but in the era of modern Internet behavior, it could also just have been a Tuesday.

Continue reading “This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools”

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

March 20, 2026 by 14 Comments

The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and Kubernetes as an additional security mechanism and application firewall.

AppArmor was added to Linux in 2010, and the vulnerabilities Qualys discovered have been present since 2017, and allow unprivileged (non-root) local users to elevate privileges by executing arbitrary code in the kernel, gaining root access, or perform a denial-of-service attack across the entire system by replacing all AppArmor behavior with “deny all” rules.

All Linux kernels since Linux 4.11 are vulnerable. If your Linux distribution enables AppArmor, and quite a few do, you’ll want to be updating as soon as fixes are available from your distribution maintainers. On systems with untrusted users, such as shared environments, VPS server environments, and the like, this is even more critical and urgent. Even on single-user systems, vulnerabilities like these allow other exploits, like the Python attack below, mechanisms to elevate their access and persistence.

At the time of writing, the full details of the AppArmor vulnerability are limited until the Linux Kernel team releases a stable version with the fixes for distribution maintainers. Qualys has published the technical write-up with the currently public information.

Python Projects Compromised

StepSecurity reports on a new campaign to infect Python projects on GitHub with a complex malware that, once deployed, appears to be yet another crypto and login stealer.

The attacker first gains access to the GitHub credentials via another info stealing worm – the Glassworm stealer infects VSCode extensions with over 35,000 downloads of infected extensions in October of 2025. Glassworm harvests NPM, GitHub, and OpenVSX credentials and sends them to a remote command and control (C2) server. It also harvests a wide range of crypto currency wallet extensions to steal crypto directly. Continue reading “This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown”

Hackaday Links Column Banner

Hackaday Links: March 1, 2026

March 1, 2026 by 4 Comments

We’ll start this week off with a bit of controversy from Linux Land. Anyone who’s ever used the sudo command knows that you don’t see any kind of visual feedback while entering your password. This was intended as a security feature, as it was believed that an on-screen indicator of how many characters had been entered would allow somebody snooping over your shoulder to figure out the length of your password. But in Ubuntu 26.04, that’s no longer the case. The traditional sudo binary has been replaced with a one written in Rust, which Canonical has recently patched to follow the modern convention of showing asterisks on the password prompt.

As you might expect, this prompted an immediate reaction from Linux greybeards. A bug report was filed just a few days ago demanding that the change be reverted, arguing that breaking a decades-old expectation with no warning could be confusing for users. The official response from a Canonical dev was that they see it the other way around, and that the change was made to improve the user experience. It was also pointed out that those who want to revert to the old style of prompt can do so with a config change. The issue was immediately marked as “Won’t Fix”, but the discussion is ongoing.

Speaking of unexpected changes, multiple reports are coming in that the February security update for Samsung Galaxy devices, which is currently rolling out, removes several functions from the Android recovery menu. After the update is applied to phones such as the S25 and Fold 7, long-standing features, such as the ability to wipe the device’s cache partition or install updates via Android Debug Bridge (ADB), disappear.

Continue reading “Hackaday Links: March 1, 2026”

Swissbit 2GB PC2-5300U-555

Surviving The RAM Price Squeeze With Linux In-Kernel Memory Compression

January 31, 2026 by 42 Comments

You’ve probably heard — we’re currently experiencing very high RAM prices due mostly to increased demand from AI data centers.

RAM prices gone up four times

If you’ve been priced out of new RAM you are going to want to get as much value out of the RAM you already have as possible, and that’s where today’s hack comes in: if you’re on a Debian system read about ZRam for how to install and configure zram-tools to enable and manage the Linux kernel facilities that enable compressed RAM by integrating with the swap-enabled virtual memory system. We’ve seen it done with the Raspberry Pi, and the concept is the same.

Ubuntu users should check out systemd-zram-generator instead, and be aware that zram might already be installed and configured by default on your Ubuntu Desktop system.

If you’re interested in the history of in-kernel memory compression LWN.net has an old article covering the technology as it was gestating back in 2013: In-kernel Memory Compression. For those trying to get a grip on what has happened with RAM prices in recent history, a good place to track memory prices is memory.net and if you swing by you can see that a lot of RAM has gone up as much as four times in the last three or four months.

If you have any tips or hacks for memory compression on other platforms we would love to hear from you in the comments section!

This Week In Security: Zenbleed, Web Integrity, And More!

July 28, 2023 by 9 Comments

Up first is Zenbleed, a particularly worrying speculative execution bug, that unfortunately happens to be really simple to exploit. It leaks data from function like strlen, memcpy, and strcmp. It’s vulnerable from within virtual machines, and potentially from within the browser. The scope is fairly limited, though, as Zenbleed only affects Zen 2 CPUs: that’s the AMD Epyc 7002 series, the Ryzen 3000 series, and some of the Ryzen 4000, 5000, and 7020 series of CPUs, specifically those with the built-in Radeon graphics.

And at the heart of problem is a pointer use-after-free — that happens inside the CPU itself. We normally think of CPU registers as fixed locations on the silicon. But in the case of XMM and YMM registers, there’s actually a shared store of register space, and the individual registers are mapped into that space using a method very reminiscent of pointers.

Continue reading “This Week In Security: Zenbleed, Web Integrity, And More!”

Bye Bye Ubuntu, Hello Manjaro. How Did We Get Here?

June 8, 2023 by 119 Comments

Last week I penned a cheesy fake relationship breakup letter to Ubuntu, my Linux distribution of choice for the last 15 years or so. It had well and truly delivered on its promise of a painless Linux desktop for most of that time, but the most recent upgrades had rendered it slow and bloated, with applications taking minutes to load and USB peripherals such as my film scanner mysteriously stopping working. I don’t have to look far to identify the point at which they adopted Snap packages as the moment when it all went wrong. I’d reached the point at which I knew our ways must part, and it was time to look for another distro.

Continue reading “Bye Bye Ubuntu, Hello Manjaro. How Did We Get Here?”

Dear Ubuntu…

May 22, 2023 by 279 Comments

Dear Ubuntu,

I hope this letter finds you well. I want to start by saying that our time together has been one of creativity and entertainment, a time in which you gave me the tools to develop a new career, to run a small electronics business, make fun things, and to write several thousand articles for Hackaday and other publications, but for all that it’s sadly time for our ways to part. The magic that once brought us together has faded, and what remains is in danger of becoming a frustration.

In our early days as an item you gave me for the first time a Linux distro that was complete, fast, and easy to use without spending too much time at the CLI or editing config files to make things happen; you gave me a desktop that was smooth and uncluttered, and you freed me from all those little utilities that were required to make Windows usable. You replaced the other distros I’d been using, you dual-booted with my Windows machines, and pretty soon you supplanted the Microsoft operating system entirely.

Ubuntu and me and a trusty Dell laptop, Oxford Hackspace, 2017.
Me and Ubuntu in 2017, good times.

We’ve been together for close to two decades now, and in that time we’ve looked each other in the eye across a variety of desktop and laptop computers. My trusty Dell Inspiron 640 ran you for over a decade through several RAM, HDD, and SSD upgrades, and provided Hackaday readers with the first few years of my writing. Even the Unity desktop couldn’t break our relationship, those Linux Mint people weren’t going to tear us asunder! You captured my text, edited my videos and images, created my PCBs and CAD projects, and did countless more computing tasks. Together we made a lot of people happy, and for that I will always be grateful. Continue reading “Dear Ubuntu…”