Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.
Articles tagged "Linux"
Found 69 articles
Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.
Infosecurity Magazine
A nine-year-old vulnerability in the Linux kernel, specifically related to the ptrace system call, has been identified by security researchers at Qualys. This flaw can allow attackers with local access to leak sensitive information, including SSH keys and password hashes. The issue affects various Linux distributions and could potentially be exploited by users who already have access to the system. This highlights a significant security risk as it can enable further attacks or unauthorized access if sensitive credentials are compromised. System administrators should prioritize reviewing their systems for this vulnerability and implementing necessary security measures to protect against potential exploitation.
Researchers have revealed a vulnerability in the Linux kernel, identified as CVE-2026-46333, which has remained unnoticed for nine years. This flaw involves improper privilege management, allowing unprivileged local users to access sensitive files and execute commands with root privileges on default installations of several major Linux distributions. The vulnerability has a CVSS score of 5.5, indicating a moderate severity level. Affected users include those running various Linux distributions, which could expose them to significant risks if exploited. It's crucial for system administrators and users to be aware of this vulnerability and take appropriate action to secure their systems.
Security Affairs
A newly discovered Linux local privilege escalation vulnerability, named PinTheft, affects the RDS subsystem and has a public exploit available. This flaw poses a significant risk to Arch Linux users, as they are particularly vulnerable to attacks utilizing this exploit. The vulnerability was identified by the V12 security team, and given the increasing number of similar security issues in Linux, users are urged to take immediate action. Patching the affected systems is crucial to prevent potential exploitation. This incident serves as a reminder for users and administrators to stay vigilant and regularly update their systems to safeguard against emerging threats.
A new vulnerability known as PinTheft has been identified in Arch Linux systems, allowing local attackers to escalate their privileges to root. This flaw has been patched recently, but now a proof-of-concept exploit has been released publicly, which could make it easier for malicious actors to take advantage of the vulnerability. Users running Arch Linux should be particularly vigilant, as this could lead to unauthorized access and control over affected systems. The presence of a publicly available exploit raises concerns about potential attacks, especially in environments where security measures may not be robust. It’s crucial for users to apply the latest patches and updates to mitigate the risks associated with this vulnerability.
Researchers recently released a proof of concept (PoC) for a vulnerability in the Linux kernel known as DirtyDecrypt, which was patched back in April. This vulnerability allows local attackers to gain elevated privileges, potentially giving them root access to affected systems. While the vulnerability was addressed in a previous update, the release of the PoC means that those who haven't applied the patch could be at risk. It is crucial for users and administrators of Linux systems to ensure they are running the latest updates to mitigate this risk. The implications of this vulnerability are significant, especially for environments where security is paramount, such as servers and critical infrastructure.
A recently discovered vulnerability in the Linux kernel's rxgk module allows attackers to escalate their privileges and gain root access on certain systems. This flaw has been patched, but a proof-of-concept exploit is now available, which can be used by malicious actors to take control of affected machines. Users of Linux systems, particularly those running versions that include the vulnerable module, are at risk. It's crucial for system administrators to apply the latest patches to protect against potential exploitation. The existence of an exploit in the wild raises significant concerns about the security of Linux environments, especially in sensitive applications.
Security Affairs
Researchers have identified a new vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, which could allow local attackers to gain root access through page cache corruption. This flaw affects the XFRM ESP-in-TCP subsystem and has a CVSS score of 7.8, indicating a significant risk. If exploited, it could enable attackers to take complete control of the affected systems. It's crucial for users of affected Linux systems to be aware of this vulnerability and take necessary precautions. The disclosure of this flaw highlights ongoing security challenges within the Linux ecosystem.
Help Net Security
Researchers have discovered a new local privilege escalation vulnerability in the Linux kernel, identified as CVE-2026-46300, and nicknamed 'Fragnesia.' This vulnerability is related to the earlier Dirty Frag bugs and affects the xfrm-ESP Linux module. The flaw was unintentionally introduced when a patch was applied to fix one of the original Dirty Frag vulnerabilities, specifically CVE-2026-43284. This means that systems using the affected module could be at risk, potentially allowing attackers to gain elevated privileges. It is crucial for users and administrators of Linux systems to stay informed about this issue and apply necessary updates as they become available.
Infosecurity Magazine
A new vulnerability known as the Fragnesia flaw has been discovered in the Linux kernel, allowing unprivileged local users to escalate their privileges to root access. This flaw poses a significant risk as it enables attackers with local access to gain complete control over affected systems. Researchers have indicated that various Linux distributions could be impacted, making it crucial for system administrators to assess their environments. The potential for exploitation is concerning, especially in multi-user setups where unauthorized users could exploit this flaw to compromise system integrity. Users and administrators should prioritize patching their systems to mitigate the risk associated with this vulnerability.
A new vulnerability named Fragnesia has been discovered in the Linux kernel, marking the third major flaw identified within two weeks. Researchers indicate that artificial intelligence tools are accelerating the process of uncovering these security issues, often faster than developers can implement fixes. This vulnerability could potentially affect a wide range of Linux-based systems, posing risks to users and organizations relying on this operating system. The ongoing discovery of these flaws raises concerns about the security of Linux environments, especially as they are commonly used in servers and critical infrastructure. As the situation develops, it is essential for users to stay informed and apply necessary updates to protect their systems.
A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.
SCM feed for Latest
Sasha Levin, a co-maintainer of the Linux kernel, has introduced a proposal for a runtime killswitch designed to disable vulnerable kernel functions temporarily. This mechanism would be accessible through securityfs, allowing system administrators to quickly mitigate risks associated with known vulnerabilities. The proposal aims to provide a practical solution for managing vulnerabilities in the Linux kernel, which is critical given the widespread use of Linux in servers and devices. By enabling a quick response to potential exploits, this initiative could help enhance the security posture of systems utilizing the Linux kernel. The implementation of such a killswitch is especially relevant as cyber threats continue to evolve, targeting vulnerabilities in operating systems.
Schneier on Security
A newly disclosed Linux vulnerability, dubbed 'copy.fail', poses a serious risk across multiple distributions, including Ubuntu, RHEL, Debian, SUSE, Amazon Linux, and Fedora. Revealed by Theori on April 29, 2026, this local privilege escalation flaw allows attackers to manipulate the Linux kernel's crypto API to write unauthorized data into the page cache of files they do not own. Importantly, the exploit does not modify files on disk, making it difficult for traditional monitoring tools like AIDE and Tripwire to detect. This vulnerability is concerning because it affects a wide range of systems without requiring any specific modifications for different distributions. Organizations using these Linux variants should prioritize assessing their security posture and applying necessary mitigations to protect against potential exploitation.