Curious about Copy Fail Linux bug and any relation to FreeBSD

[Nathan]

Hi, I just wanted to ask about the recently talked-about Copy-Fail bug in Linux. 
I was wondering if the FreeBSD community has tried to replicate it in FBSD , or if that even makes sense. Why does it even happen in Linux, and maybe why it doesn't here?

And I'm just sorta curious if there is some fundamental structural decision that might be protecting FBSD from that type of exploit. Or if it was simply a fluke bug.

I know I'm asking large questions, just thought I'd reach out to this list to prompt the topic and maybe get pointed in some direction. 
If it hasn't been tested I'd love to try to test it myself, but I'm in a bit over my head.

[Paul Procacci]

This is a logic bug in algif_aead on linux.
This bug will only ever apply to linux.

linux.ko does not emulate algif_aead.

Furthermore, this bug is a combo of arch decisions implemented in
linux that simply do not exist in FBSD.

Firstly, there's no AF_ALG on FBSD. Nothing is exposed to userland.
FBSD's cryptodev is an ioctl based approach and has much tighter
scoping.
Secondly, there's no 'splice into pipe' surface area in FBSD.
Lastly, the OCF (OpenCrypto Framework) never made the same
optimization that was in authencesn.

The above isn't to say that one day a bug like this can't make it into
FBSD by implementing looser controls but as it stands now, this
specific type of 'splice into pipe' attack simply does not exist.

Thanks,
Paul Procacci

--
__________________

:(){ :|:& };:

[Ralf Mardorf]

On Fri, 2026-05-01 at 15:15 -0300, Nathan wrote:
> I'm just sorta curious if there is some fundamental structural
> decision that might be protecting FBSD from that type of exploit. Or
> if it was simply a fluke bug.

All kernels are riddled with security vulnerabilities. The hype
surrounding Anthropic’s “Claude” may just be a marketing gimmick for
now, but sooner or later it will become a reality. Don’t get too hung up
on CVE-2026-31431, wie wäre es mit
https://wid.cert-bund.de/portal/wid/kurzinformationen. Besides, eight
years have passed since Meltdown and Spectre without them being fully
resolved, and just think about how many more virtual fingers an AI could
stick into the system to really wreak havoc.

[Nathan]

Thank you for all the info, this mailing list thing is fun

[Ralf Mardorf]

On Fri, 2026-05-01 at 14:28 -0400, Paul Procacci wrote:
> The above isn't to say that one day a bug like this can't make it into
> FBSD by implementing looser controls but as it stands now, this
> specific type of 'splice into pipe' attack simply does not exist.

Hi,

I haven't looked into that Linux vulnerability, what you're saying might
be true, but it's still completely irrelevant. Some nutcases are
currently sending the computer infrastructure back to the Stone Age.

Computer hardware is becoming increasingly powerful, and off-the-shelf
software, whether AI-based or not, now makes it possible for just about
anyone to attack other systems. No matter the operating system or
hardware, anything connected to the internet that’s of any significant
size, not necessarily just the average home user’s desktop PC, is
successfully attacked. Despite all their weaknesses, my desktop
computers have never been successfully attacked directly, but not a day
goes by without some online service I want to use going down and often
causing problems for weeks on end, even if it’s just due to a DDoS
attack.

No matter how well-hardened a private system is, whatever you need from
the world outside your own household is constantly being slowed down by
some kind of attack.

Btw. Recently:
https://forums.freebsd.org/threads/forum-outage.102193/#post-752543

Today:
"-------- Forwarded Message --------
From: [...]
To: "Ubuntu user technical support, not for general discussions"
Subject: Re: kernel security patch
Date: 05/01/2026 10:22:29 AM

Canonical Ubuntu Infra is being ddosed by hacktivist atm:
https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQEHpOd8VQ40ZQs-KD81fboQXeGZB94okNHdHBGlCv58Sw==

Den fre 1 maj 2026 kl 10:17 skrev Ralf Mardorf via ubuntu-users
<ubuntu...@lists.ubuntu.com>:

You are probably afraid of the high vulnerability "Copy Fail"
(CVE-2026-31431).

I can connect to https://tracker.debian.org/pkg/linux, but my browser
won't open links on ubuntu.com. When it comes to Ubuntu Linux package
updates that include security measures, that seems to be the crux of the
matter."

https://lists.ubuntu.com/archives/ubuntu-users/2026-May/date.html , most
likely unavailable right now because it's under attack.

The CVE-2026-31431 vulnerability has long since been mitigated by the
major Linux distributions. However, they continue to grapple with
entirely different issues, just like FreeBSD, Windows, or anyone else.

Regards,
Ralf

[Paul Procacci]

Quite frankly,

I don't know what you're going on about.
None of what you wrote addresses the question by the OP.
We're talking about copy-fail and the surrounding splice into pipe
attack vectors of which nothing you wrote supports this topic.

~Paul

--
__________________

:(){ :|:& };:

[Ralf Mardorf]

On Fri, 2026-05-01 at 19:48 -0400, Paul Procacci wrote:
> None of what you wrote addresses the question by the OP.

It was once claimed that FreeBSD was not affected by Meltdown and
Spectre due to its architecture. This turned out to be a reckless
misjudgment within a very short time. Even though this case is not
comparable to that situation, my point is that it is irrelevant whether
a kernel is inherently less vulnerable, or even completely immune, to
certain exploits. It may be of technical interest to some, perhaps even
to the OP, to see what the situation looks like in this specific case,
but from a security perspective, it is completely irrelevant how secure
a system is compared to one or more others. The race is over, as the
attackers have long since taken control. It doesn’t matter how a kernel
is structured. So it depends on exactly what the OP wanted to know.
Whether the OP is referring explicitly to this case and its technical
background, or whether the question is to be understood more generally.
In any case, it’s not clear to me what exactly is in the OP’s interest.

[Dag-Erling Smørgrav]

Ralf Mardorf <ralf-m...@riseup.net> writes:
> It was once claimed that FreeBSD was not affected by Meltdown and
> Spectre due to its architecture.

No, nobody ever made any such claim. Spectre and Meltdown are CPU-level
bugs which affect _all_ software running on specific CPUs. Until
microcode patches became available, the only mitigation was to disable
the CPU cache, which massively slows down the CPU.

Here's my own Meltdown demonstrator for FreeBSD. You'll note that the
first commit is dated only days after the CVE was published:

https://github.com/dag-erling/meltdown

DES
--
Dag-Erling Smørgrav - d...@FreeBSD.org

[Ralf Mardorf]

On Sat, 2026-05-02 at 17:23 +0200, Dag-Erling Smørgrav wrote:
> Ralf Mardorf <ralf-m...@riseup.net> writes:
> > It was once claimed that FreeBSD was not affected by Meltdown and
> > Spectre due to its architecture.
>
> No, nobody ever made any such claim.  Spectre and Meltdown are CPU-

> level bugs [snip]

You don't need to explain this to me, since I know this.

I'm currently suffering from cervical spine syndrome and can't spend
much time sifting through all the nonsensical claims, but I've already
come across the following in a quick search. At first, there were all
sorts of unbelievable explanations as to why it supposedly only affects
Intel CPUs and why it supposedly doesn't affect FreeBSD, all of them
unqualified claims. Users usually assume the best, while I’ve always
assumed the worst, and so far, I’ve always been right.

-------- Forwarded Message --------
From: Baho Utot <baho...@columbus.rr.com>
To: Aryeh Friedman <aryeh.f...@gmail.com>
Cc: FreeBSD Mailing List <freebsd-...@freebsd.org>
Subject: Re: Meltdown – Spectre
Date: 01/08/2018 01:53:44 PM
Mailer: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.5.2



On 1/8/2018 7:37 AM, Aryeh Friedman wrote:


On Mon, Jan 8, 2018 at 7:28 AM, Baho Utot <baho...@columbus.rr.com
<mailto:baho...@columbus.rr.com>> wrote:



On 1/8/2018 4:15 AM, Aryeh Friedman wrote:

On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz
<gu...@unixarea.de
<mailto:gu...@unixarea.de>> wrote:



This is not operating system specific, read the papers on theses
two. it attacks the cpu, usally through a JIT


Please learn a little OS design theory before making insane claims.
Specifically it *ONLY* effects OS's that rely on the specific CPU
architecture (vs. a generic one). Namely if you strictly partition
the page table between userland and kernel space (which xxxBSD has
always done and Linux has not) and don't use any CPU specific
instructions to do so (except for protected vs. unprotected mode in
the original 386 design FreeBSD does not do this while yet again
microslut and linux do).

For more info go read the more technical thread then here in -hackers@
and -current@.

[snip]

[Dag-Erling Smørgrav]

Ralf Mardorf <ralf-m...@riseup.net> writes:
> I'm currently suffering from cervical spine syndrome and can't spend
> much time sifting through all the nonsensical claims, but I've already
> come across the following in a quick search.

The person you are quoting is not a FreeBSD committer and does not in
any way represent the FreeBSD project. He is in fact infamous for
frequently spouting the most absurd nonsense on our mailing lists.

> At first, there were all sorts of unbelievable explanations as to why
> it supposedly only affects Intel CPUs and why it supposedly doesn't
> affect FreeBSD, all of them unqualified claims.

It was pretty well understood from the beginning that Spectre affected
AMD and ARM processors (iirc, AMD initially denied this, but nobody in
infosec took their denial seriously). There was doubt as to whether
Meltdown did as well. Nobody worth listening to ever claimed that
FreeBSD was not affected.

See for instance my email to freebsd-security on the day the news broke:

https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=63739+0+archive/2018/freebsd-security/20180107.freebsd-security