According to Ars Technica, AMD is working on adding HDMI 2.1 support for Linux systems. This technical development carries significant implications for Valve’s upcoming Steam Machine gaming console.

Why HDMI 2.1 Matters

The HDMI 2.1 standard supports substantially higher bandwidth, enabling 4K resolution at 120Hz refresh rates and 8K at 60Hz. For a gaming console, this means smoother visual experiences and a higher ceiling for graphical fidelity.

Steam Machine Outlook

Valve’s Steam Machine is positioned as a console-class PC gaming device running SteamOS, which is Linux-based. Continuous improvements to AMD graphics drivers on Linux will directly enhance the device’s competitiveness in the living room gaming market.

According to Ars Technica and TechCrunch reporting on May 1, 2026, Ubuntu — one of the world’s most popular Linux distributions — has had its official website and multiple services offline for over 24 hours due to a sustained cyber attack. Canonical, Ubuntu’s parent company, described the assault as a “sustained, cross-border attack” on its network infrastructure.

Attack Details

According to The Register, the DDoS attack is believed to have been launched by a pro-Iranian hacking group. The group not only conducted a large-scale distributed denial-of-service attack but also attempted to use the incident for extortion. Ubuntu.com and its related services have been largely unavailable since the attack began.

Canonical confirmed in a statement that its infrastructure is under attack and said it is taking all necessary measures to mitigate the impact and restore services. However, as of the time of reporting, several key services remain offline.

Scope of Impact

Ubuntu is a Linux distribution widely used by developers and enterprises globally. The outage of its official website and services has affected:

• Package downloads: Users cannot download Ubuntu system updates and new releases through official channels
• Documentation and forums: The developer community cannot access official technical documentation and support forums
• Cloud services: Some Ubuntu-related cloud services have been impacted

Security Analysis

Cybersecurity experts note that DDoS attacks targeting critical open-source infrastructure are becoming increasingly frequent, reflecting a troubling trend — open-source projects are becoming targets in geopolitical conflicts.

The scale and duration of this attack suggest that the attackers possess substantial resources and coordination capabilities. Analysts recommend that open-source projects strengthen their cybersecurity infrastructure, including adopting more robust DDoS protection services and distributed architectures.

Recovery Progress

Canonical stated it is working with cybersecurity experts to actively restore services. The company advised users to use mirror sites to obtain necessary packages and updates until full service restoration is achieved.

Source: Ars Technica, TechCrunch, The Register

Critical Linux Kernel Vulnerability CopyFail Rocks the Security Community

On April 30, 2026, security research firm Theori publicly disclosed a Linux kernel vulnerability codenamed CopyFail (CVE-2026-31431), along with working exploit code. Security experts are calling it “the most severe Linux security threat to surface in years.”

The vulnerability was privately reported to the Linux kernel security team five weeks ago. While the kernel team has already issued patches across multiple versions — including 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 — the vast majority of Linux distributions have not yet incorporated these fixes into their update packages, leaving hundreds of millions of servers and devices worldwide still exposed.

How the Vulnerability Works

CopyFail stems from an in-place optimization flaw in the Linux kernel’s cryptographic API (AF_ALG) introduced in 2017. The defect allows page cache pages to end up in writable destination scatterlists, enabling privilege escalation.

Critically, the attack requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives. Since AF_ALG ships enabled in essentially every mainstream distribution’s default configuration, the entire range from the 2017 patch window to current versions is vulnerable out of the box.

Who Is at Risk?

The scope of CopyFail is extraordinarily broad, affecting virtually every Linux deployment scenario:

• Multi-tenant Linux hosts: Shared dev boxes, shell-as-a-service, jump hosts, build servers
• Kubernetes/container clusters: The page cache is shared across the host; a container with the right primitives can compromise the node and cross tenant boundaries
• CI/CD pipelines: GitHub Actions self-hosted runners, GitLab runners, Jenkins agents — anything executing untrusted PR code as a regular user on a shared kernel
• AI and cloud computing: Notebook hosts, agent sandboxes, serverless functions, any tenant-supplied container or script environment

Automated Exploitation Already Demonstrated

Adding to the urgency, Theori demonstrated the vulnerability’s automated exploitation capability. Their tool successfully scanned and compromised Redis, PostgreSQL, and MariaDB database systems with zero human intervention. The project was also a finalist in the DoD DARPA AI Cyber Challenge.

Remediation

Security experts strongly recommend that all Linux system administrators take immediate action:

1. Patch immediately: Update your distribution’s kernel package to one that includes mainline commit a664bf3d603d, which reverts the 2017 algif_aead in-place optimization. Most major distributions are now shipping the fix.
2. Multi-tenant environments first: Cloud providers and container cluster operators should treat this as the highest priority.
3. Single-tenant systems: While not directly exposing remote attack vectors, any local code execution on these systems will escalate to root.

This incident underscores the critical importance of open-source supply chain security. A nearly decade-old kernel optimization flaw, once its exploit code is publicly released, can pose devastating risks to global internet infrastructure.

Source: Ars Technica | CopyFail