I don't believe in luck. If it wasn't advanced, they waited to inform the main kernel devs until they were close enough to the Ubuntu 26 release yet far enough out that they could just slip in the patch and it would be included in 26. It's just way too "coincidental" and "lucky" that it happened that way since Ubuntu is the largest distro.
The second this patch was slipped into the kernel the approving developer would have immediately recognized the significance and known there would be a complete shit show once it was announced. I assume that was Linus himself and you better believe he would have informed a few people at Canonical and RedHat and a few other places via his little secret back channels. Canonical had a month to release a kernel patch for 24.04 and 22.04 but they obviously waited so as to not tip off anyone. Why they haven't immediately released kernel updates for those distros is because they are not above using Zero days to push people into upgrading. I'm also betting an update will quietly appear for Pro before it appears for the community stuff.

These "security researchers" absolutely monetize these things. The particular one who found this will get his invite to the next White Hat conference and will go and make his presentation, then someone, like Oracle or RedHat or someone like that, will slap down a $500k yearly employment contract in front of him, if that already hasn't happened. If he had waited a few weeks then it would have been too late for Ubuntu to ship and it would have been egg on Canonical's face and they would have been pissed - and he would certainly not have gotten any employment contract from them. You don't deliberately make enemies of the largest Linux distro unless you are really stupid.

The business of breaking into computers is a dirty business. You and I both do this but I like to think that we are the whitest of the white knights since we are merely taking control of our own stuff away from networking companies who have no business with their fingers in our routers. And we don't do this to stuff we don't own nor is anything we publish usable for malcontents to do this to other people. But we can still smell the stink of it even as removed as we are. There's going to be a lot of people hurt by this one.
And claiming that they deserved it because they weren’t updating is victim-blaming no better than blaming the woman who got raped for wearing a short skirt. Spin it how you like but this entire thing stinks.

And incidentally the Canonical servers right now are melting down as I'm observing by running apt-update...very very slow right now.

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of Russell Senior
Sent: Thursday, April 30, 2026 7:13 AM
To: [email protected]
Subject: Re: [PLUG] exploit in the wild

On 4/30/26 06:42, Ted Mittelstaedt wrote:
> Note that Ubuntu 26.04 was released on the 23rd of April, and it's NOT
> vulnerable. I suspect that there is a connection here and that the 26.04
> release date was Advanced.

I don't think the Ubuntu 26.04 release schedule was advanced. The release date is consistent with past releases, see here:

https://documentation.ubuntu.com/project/release-team/list-of-releases/

The reason it isn't vulnerable is that the fix got into v7.0 and (I'm not sure of the Ubuntu policy, but guessing) because v7.0 was released before Ubuntu 26.04 was released, they went with it.

The thing that kind of surprises me is that the major distributions didn't have the fix in by the disclosure day. ArchLinux was also not vulnerable, if you update reasonably regularly, because they stay pretty close to upstream stable kernels and so had the fix as a matter of course. Debian and Ubuntu (and Fedora?) seem to have been caught a bit flat-footed.

The thing I haven't seen reported yet is: "are non-x86/ architectures also affected?" You would guess so, since this was apparently a logical error, but the published python script exploit doesn't work on them to test, and I haven't seen anyone say. An exploit tuned for ARM might.

--
Russell Senior
[email protected]
