It's time for your monthly climate change indicator update: 🫣
+ Global temperature
+ Carbon dioxide (CO₂)
+ Methane (CH₄)
+ Nitrous oxide (N₂O)
Download at https://zacklabe.com/climate-change-indicators/
Unprecedented Human-Caused Antarctic HeatWaves Driven by Polar Vortex and Atmospheric River Weirding
https://youtu.be/LAHJhcZMWR0?si=poIL9Ly_uNQkuOQk
#climate #weather #Antarctica #Antarctic #science #news #ocean #marine
OK, I've been working through the mitigations for the string of kernel vulnerabilities. I think this is all of them. I had Claude spit out a summary.
Hope this helps others.
NOTE: I have edited this post to better outline the fixes and improve terminology. Plus we've got a CVE designation for dirty frag now.
## Linux Kernel LPE Roundup - May 8, 2026
Four local privilege escalation vulnerabilities in the same bug class (page-cache writes) are actively circulating. Here's what you need to know:
### 1. Copy Fail (CVE-2026-31431)
Original page-cache write via algif_aead in the crypto subsystem. Patched upstream, distro patches available.
Mitigation: Apply your distro's kernel update, or prevent the module from loading:
```sh
echo 'install algif_aead /bin/false' > /etc/modprobe.d/copyfail.conf
```
### 2. Dirty Frag (CVE-2026-43284)
Chains xfrm-ESP + RxRPC page-cache writes for a universal unprivileged LPE across all major distros. Published after a third party broke the embargo - no patches exist yet.
Mitigation: Prevent the modules from loading:
```sh
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
```
Then unload them if currently loaded:
```sh
rmmod esp4 esp6 rxrpc 2>/dev/null
```
https://github.com/V4bel/dirtyfrag/
### 3. Copy Fail 2: Electric Boogaloo (no CVE yet)
xfrm ESP-in-UDP variant using MSG_SPLICE_PAGES. Same class as Copy Fail, different subsystem. Autoloads esp4/xfrm modules via userns netlink. Upstream fix committed but not yet in stable branches.
Mitigation: Same esp4 modprobe override as Dirty Frag covers this.
https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo
### 4. io_uring ZCRX Freelist LPE (no CVE yet)
Out-of-bounds write in io_uring's zero-copy receive freelist. Narrower scope - requires kernel 6.15+, CONFIG_IO_URING_ZCRX=y, a supported NIC (mlx5/ice/nfp), and CAP_NET_ADMIN. Fix committed but not in stable yet.
Mitigation: Check if you're affected:
```sh
grep CONFIG_IO_URING_ZCRX /lib/modules/$(uname -r)/config
```
No output or "is not set" means you're not vulnerable.
https://ze3tar.github.io/post-zcrx.html
### Note
If any of these modules are built into your kernel (=y rather than =m), the modprobe approach won't work - you'll need initcall_blacklist= on the kernel command line instead. Check with:
```sh
grep -E 'CONFIG_INET_ESP=|CONFIG_INET6_ESP=|CONFIG_AF_RXRPC=|CONFIG_CRYPTO_USER_API_AEAD=' /lib/modules/$(uname -r)/config
```
#linux #kernel #cve #vulnerability #copyfail #copyfail2 #dirtyfrag #security #infosec #sysadmin
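An added example, not part of the original post: it combines the roundup's Note with its modprobe overrides by reading a kernel config and a modprobe.d directory and reporting, per module, whether it is built in (the override cannot help), loadable with or without an `install ... /bin/false` line, or not built. The function names, status strings and sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify each module named in the post and say whether a
# modprobe "install <module> /bin/false" override can cover it.

# option:module pairs, taken from the post's grep line and modprobe overrides
PAIRS="CONFIG_CRYPTO_USER_API_AEAD:algif_aead CONFIG_INET_ESP:esp4 CONFIG_INET6_ESP:esp6 CONFIG_AF_RXRPC:rxrpc"

# has_override DIR MODULE -> exit 0 if a *.conf in DIR maps MODULE to /bin/false
has_override() {
    grep -qsE "^[[:space:]]*install[[:space:]]+$2[[:space:]]+/bin/false" "$1"/*.conf
}

# audit CONFIG_FILE MODPROBE_DIR -> prints one "module status" line per module
audit() {
    for pair in $PAIRS; do
        opt=${pair%%:*}; mod=${pair##*:}
        case $(grep -sE "^${opt}=" "$1" | cut -d= -f2) in
            y) echo "$mod builtin-needs-initcall_blacklist" ;;
            m) if has_override "$2" "$mod"; then echo "$mod blocked"
               else echo "$mod loadable-UNMITIGATED"; fi ;;
            *) echo "$mod not-built" ;;   # "is not set" or option absent
        esac
    done
}

# Constructed sample data (not from a real host): esp4 is modular and
# overridden, esp6 is built in, rxrpc is not set, algif_aead has no override.
demo() {
    d=$(mktemp -d)
    printf 'CONFIG_INET_ESP=m\nCONFIG_INET6_ESP=y\n# CONFIG_AF_RXRPC is not set\nCONFIG_CRYPTO_USER_API_AEAD=m\n' > "$d/config"
    mkdir "$d/modprobe.d"
    echo 'install esp4 /bin/false' > "$d/modprobe.d/dirtyfrag.conf"
    audit "$d/config" "$d/modprobe.d"
    rm -rf "$d"
}
demo
```

On a real host, call `audit "/lib/modules/$(uname -r)/config" /etc/modprobe.d`. A `blocked` result only describes the files on disk, so a module that was already loaded still needs the `rmmod` step from the post.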
Google Chrome silently installs a 4 GB AI model on your device https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
> No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually.
That is the true definition of malware.

Google Chrome is downloading a 4 GB Gemini Nano model onto users' machines without consent, with no opt-in, no opt-out short of enterprise tooling, and an automatic re-download every time the user deletes it. The pattern is identical to the Anthropic Claude Desktop case I wrote about last month, but the scale is between two and three orders of magnitude larger. This article does the legal analysis and, for the first time, the environmental analysis. The numbers are not small.
Even in a world of extremes, some events still stand out to me. This is one. All-time monthly records are being shattered.
The size of this ridge across the western U.S. is truly striking for March, and we see a very clear climate change connection.