#local-privilege-escalation

[ follow ]
#linux-kernel #linux-kernel-security #security-vulnerabilities #page-cache #cve-2026-46300 #apex-one
Information security
fromSecurityWeek
1 week ago

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CVE-2026-34926 is a patched Apex One directory traversal flaw exploited in the wild, requiring admin access and affecting on-premises deployments.
#linux-kernel-security
fromtheregister
1 week ago
Information security

Linux kernel flaw opens root-only files to unprivileged users

A local kernel flaw lets unprivileged users read root-only files, but a fix landed and ModuleJail aims to reduce similar bug impact.
fromZDNET
2 weeks ago
Information security

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
Information security
fromtheregister
1 week ago

Linux kernel flaw opens root-only files to unprivileged users

A local kernel flaw lets unprivileged users read root-only files, but a fix landed and ModuleJail aims to reduce similar bug impact.
Information security
fromZDNET
2 weeks ago

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

Dirty Frag enables local privilege escalation from an unprivileged account to root by corrupting kernel page cache via networking and authentication logic bugs.
more#linux-kernel-security
#linux-kernel
fromZDNET
2 weeks ago
Information security

The third major Linux kernel flaw in two weeks has been found - thanks to AI

fromInfoQ
2 weeks ago
Information security

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Information security
fromZDNET
2 weeks ago

The third major Linux kernel flaw in two weeks has been found - thanks to AI

Fragnesia is a Linux kernel page-cache corruption flaw that lets unprivileged users gain reliable root access across major distributions.
Information security
fromtheregister
2 weeks ago

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

Fragnesia (CVE-2026-46300) enables unprivileged users to gain root by corrupting Linux page-cache memory via the XFRM ESP-in-TCP/IPsec path, with public exploit code available.
Information security
fromThe Hacker News
2 weeks ago

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Fragnesia (CVE-2026-46300) enables unprivileged local attackers to corrupt kernel page cache and gain root via the XFRM ESP-in-TCP subsystem.
Information security
fromInfoQ
2 weeks ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
Information security
fromSecurityWeek
2 weeks ago

New 'Dirty Frag' Linux Vulnerability Possibly Exploited in Attacks

Dirty Frag and Copy Fail 2 chain two Linux kernel flaws to enable reliable local privilege escalation to root, with possible in-the-wild exploitation.
Information security
fromtheregister
3 weeks ago

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Dirty Frag is a universal Linux local privilege escalation flaw chaining two kernel bugs, enabling unprivileged users to gain immediate root on major distributions without patches or CVE.
more#linux-kernel
fromZero Day Initiative
2 weeks ago

Zero Day Initiative - Pwn2Own Berlin 2026: The Full Schedule

Thursday, May 14 - 1030 chompie of IBM X-Force Offensive Research (XOR) targeting NV Container Toolkit in the NVIDIA category for a total of $50,000 and 5 Master of Pwn points Le Duc Anh Vu ( @vulda ) of Viettel Cyber Security (@vcslab) targeting OpenAI Codex in the Coding Agent category for a total of $40,000 and 4 Master of Pwn points Orange Tsai (@orange_8361) of DEVCORE Research Team targeting Microsoft Edge - Sandbox Escape in the Web Browser category for a total of $175,000 and 17.5 Master of Pwn points
Information security
Information security
fromArs Technica
4 weeks ago

The most severe Linux threat to surface in years catches the world flatfooted

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.
Information security
fromThe Hacker News
7 months ago

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

CVE-2025-41244 enables local privilege escalation in VMware Tools and Aria Operations and has been exploited in the wild by UNC5174; patches and mitigations released.
Information security
fromSecurityWeek
7 months ago

Organizations Warned of Exploited Sudo Vulnerability

A critical Sudo local privilege escalation (CVE-2025-32463) allows any user to gain root privileges and has been exploited, requiring urgent patching.
fromTheregister
8 months ago

Android drops 120 flaw fixes, two exploited in the wild

Patch Tuesday is next week, but Android is ahead of the game, dropping its biggest patch bundle this year while attackers actively exploit two of the now-fixed flaws. This month, the world's most popular mobile operating system pushed out 120 patches, its biggest monthly dump this year. It's a far cry from July, when Android didn't issue a single patch as everything was apparently fine, but in September, two of the flaws may be under "limited, targeted exploitation."
Information security
[ Load more ]