VulnHub

Real-time Cybersecurity News

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

The Hacker News
LinuxCVEVulnerabilityPrivilege Escalation

Overview

Researchers have revealed a vulnerability in the Linux kernel, identified as CVE-2026-46333, which has remained unnoticed for nine years. This flaw involves improper privilege management, allowing unprivileged local users to access sensitive files and execute commands with root privileges on default installations of several major Linux distributions. The vulnerability has a CVSS score of 5.5, indicating a moderate severity level. Affected users include those running various Linux distributions, which could expose them to significant risks if exploited. It's crucial for system administrators and users to be aware of this vulnerability and take appropriate action to secure their systems.

Key Takeaways

  • Affected Systems: Linux kernel on default installations of major distributions such as Ubuntu, Fedora, Debian, and CentOS.
  • Action Required: Users should review their Linux kernel versions and apply any available security patches from their distribution maintainers.
  • Timeline: Disclosed on October 2023

Original Article Summary

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major

Impact

Linux kernel on default installations of major distributions such as Ubuntu, Fedora, Debian, and CentOS.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on October 2023

Remediation

Users should review their Linux kernel versions and apply any available security patches from their distribution maintainers. Additionally, restricting access to sensitive files and monitoring system activity can help mitigate risks until a patch is applied.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, CVE, Vulnerability, and 1 more.

Read Original Article

Related Coverage

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News

Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.

May 21, 2026

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

darkreading

Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.

May 21, 2026

Content Delivery Exploit Opens Websites to Brand Hijacking

darkreading

A newly identified attack method, known as the Underminr domain-fronting attack, allows cybercriminals to manipulate web requests and disguise their malicious activities by using trusted websites. This technique makes it challenging for security systems to detect and block harmful actions, as they appear to originate from legitimate sources. Websites that rely on content delivery networks (CDNs) are particularly vulnerable, as attackers can exploit these trusted domains to hijack brands and potentially mislead users. The implications are significant, as this could lead to a loss of customer trust and financial harm for affected companies. Organizations should be aware of this tactic and take measures to secure their web infrastructure.

May 21, 2026

CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form

CISA News

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog by introducing a new nomination form. This form allows organizations to report vulnerabilities they believe should be included in the catalog, which serves to inform the public about security flaws that are actively being exploited by attackers. The catalog aims to help organizations prioritize their cybersecurity efforts by focusing on vulnerabilities that pose the most immediate risk. This initiative is particularly important as it encourages collaboration between the public and private sectors in identifying and addressing security weaknesses. By expanding the catalog, CISA hopes to enhance the overall security posture of critical infrastructure and other sectors.

May 21, 2026

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

SecurityWeek

In 2025, Apple took significant measures to maintain the integrity of its App Store by rejecting over 2 million app submissions. This move was part of a broader strategy to combat security threats and prevent fraud, resulting in the blocking of more than 1.1 billion accounts and the interception of $2.2 billion in potentially fraudulent transactions. The company's stringent review process aims to protect users from malicious apps and scams, ensuring a safer experience on its platform. This action highlights the ongoing challenges in app security and the need for companies to remain vigilant against fraudulent activities. Developers looking to publish apps must adhere to strict security protocols to avoid rejection, which could impact their business operations.

May 21, 2026

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

The Hacker News

Microsoft has reported that two vulnerabilities in its Defender software are currently being exploited. The first, identified as CVE-2026-41091, is a privilege escalation flaw that has a CVSS score of 7.8, meaning it poses a significant risk. If successfully exploited, attackers could gain SYSTEM privileges, which would allow them to control the affected systems. The second vulnerability is a denial-of-service flaw, though specific details about its CVE designation weren't provided. These vulnerabilities affect Microsoft Defender, and users of the software should be vigilant as attackers are actively exploiting these flaws in the wild. It's crucial for individuals and organizations to take immediate action to secure their systems.

May 21, 2026