When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact.

CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free This is a 64byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥

#Fragnesia# 🚨: a new #Linux# kernel LPE in the Dirty Frag family lets unprivileged attackers gain root via ESP-in-TCP page-cache corruption. No host-level privileges required. Patch ASAP, disable esp4/esp6/rxrpc if unused, and restrict user namespaces.

🚨 Meet "Dirty Frag": a new Linux kernel privilege escalation, fresh off the heels of Copy Fail. Wiz Research is tracking CVE-2026-43284 and CVE-2026-43500 (also known as Copy Fail 2), discovered by Hyunwoo Kim (@v4bel). No official patches are out yet, and a public PoC already exists. 🔑 The technical bit: A vulnerability chain in the ESP (IPsec) and RxRPC kernel subsystems, with two deterministic page-cache write primitives in the same spirit as Dirty Pipe. Ubuntu, RHEL 8/9/10, AlmaLinux, Fedora, openSUSE, and more are all affected. 🛡️ Slightly less risky for containers: Exploitation usually requires CAP_NET_ADMIN, so hardened Kubernetes setups with default seccomp profiles are at lower risk. VMs and less restricted environments should still take this seriously. 🔧 What to do now: Until patches drop, you can temporarily disable the vulnerable kernel modules (esp4, esp6, rxrpc). Full mitigation and detection guidance in the blog. Wiz customers: pre-built queries and a live advisory are already in the Threat Intel Center. We'll keep updating both as more info comes to light. Full research from Merav Bar and @ramimacisabird:

🚀 Introducing FlashQLA: high-performance linear attention kernels built on TileLang. ⚡ 2–3× forward speedup. 2× backward speedup. 💻 Purpose-built for agentic AI on your personal devices. 💡Key insights: 1. Gate-driven automatic intra-card CP. 2. Hardware-friendly algebraic reformulation. 3. TileLang fused warp-specialized kernels. FlashQLA boosts SM utilization via automatic intra-device CP. The gains are especially pronounced for TP setups, small models, and long-context workloads. Instead of fusing the entire GDN flow into a single kernel, we split it into two kernels optimized for CP and backward efficiency. At large batch sizes this incurs extra memory I/O overhead vs. a fully fused approach, but it delivers better real-world performance on edge devices and long-context workloads. The backward pass was the hardest part: we built a 16-stage warp-specialized pipeline under extremely tight on-chip memory constraints, ultimately achieving 2×+ kernel-level speedups. We hope this is useful to the community!🫶🫶 Learn more: 📖 Blog: 💻 Code:

Great to see inference engines starting to leverage kernels on the Hub, in this case sglang. It's probably the easiest and fastest way to install flash attention and other specialized kernels right now.

We're open-sourcing FlashKDA — our high-performance CUTLASS-based implementation of Kimi Delta Attention kernels. Achieves 1.72×–2.22× prefill speedup over the flash-linear-attention baseline on H20, and works as a drop-in backend for flash-linear-attention. Explore on github:

Floating point math is not associative! And many of the highest performance kernels split the workload among SMs and accumulate partial results in a nondeterministic order. Many AI labs just accept this, or pay a huge performance penalty for determinism. DeepSeek decided to do neither. (1/4) 🧵

📢 Linux alert: “Copy Fail” (CVE-2026-31431) lets any local user escalate to root on most Linux kernels since 2017. Some distros remain unpatched. Prioritize updates, block AF_ALG, review suspicious activity.