Linux kernel
Coverage of Linux kernel in the Nexus archive.
- 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Researchers at Nebula Security disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw enabling any logged-in user to gain root control on unpatched systems. The vulnerability has existed in default code across most mainstream Linux distributions since 2011 and requires no special permissions or network access.
- New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A new Linux kernel vulnerability, Bad Epoll (CVE-2026-46242), allows unprivileged users to gain root access on Linux desktops, servers, and Android devices. A fix is available, and the flaw exists in the same kernel code area where an AI model previously found another bug.
- New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel's traffic-control subsystem allows unprivileged users to gain root access via an out-of-bounds write vulnerability (CVE-2026-46331), nicknamed 'pedit COW'. A public exploit emerged quickly after the CVE was assigned on June 16, and Red Hat has rated the flaw as a security risk.
- New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation flaw in the DirtyFrag family. JFrog Security Research published a working exploit, tracked as CVE-2026-43503 (CVSS 8.8), allowing local users to gain root access via cloned network packets. A patch has been implemented.
- One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
A one-character flaw in the Linux kernel's nf_tables code (CVE-2026-23111) allows unprivileged local users to escalate to root and escape containers. The vulnerability was patched on February 5, 2026, but working exploits were publicly released by Exodus Intelligence on June 8, 2026.
- CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system.
- Re: [PATCH] OOM_pardon, a.k.a. don't kill my xlock
The article discusses a proposed Linux kernel patch named OOM_pardon, which aims to prevent the OOM killer from terminating xlock processes. It references a Hacker News thread with 24 points and 15 comments, indicating community engagement with the technical proposal.
- New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability in the Linux kernel, named 'CIFSwitch', allows attackers to forge CIFS authentication key descriptions and abuse the kernel's key request mechanism to gain root privileges on multiple distributions.
- Linus Torvalds to ‘start being more hardnosed’ about ‘pointless pull requests’ – some of which come from AIs
Linus Torvalds, the Linux kernel maintainer, is pushing back against trivial and AI-generated pull requests during the rc5 phase of the Linux 7.1 development cycle, arguing they disrupt stability efforts. He criticizes the influx of 'pointless' fixes and AI-driven code reviews, which he claims create unnecessary churn and complicate the merge process.
- Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
The article discusses how AI tools are accelerating the discovery of Linux security vulnerabilities like Dirty Frag, Copy Fail, and Fragnesia, which exploit the Linux kernel's page cache. Linus Torvalds and experts warn of a potential surge in such vulnerabilities due to AI's role in exposing bugs, while others argue most recent issues are minor. The Linux community is adapting to increased transparency and public reporting of AI-discovered flaws.
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed a 9-year-old Linux kernel vulnerability (CVE-2026-46333) with a CVSS score of 5.5 that enables unprivileged local users to execute arbitrary commands as root on major Linux distributions. The flaw involves improper privilege management and affects default installations across several major distros.
- Exploit available for new DirtyDecrypt Linux root escalation flaw
A proof-of-concept exploit is available for a recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module, allowing attackers to gain root access on some Linux systems. The vulnerability is a DirtyDecrypt Linux root escalation flaw. This exploit poses a security risk to affected Linux systems.
- Understanding the Linux Kernel: The Linux Kernel Startup
The article discusses the Linux kernel startup process, providing an in-depth understanding of the Linux kernel. It covers the key aspects of the startup procedure, aiming to educate readers on the internal workings of the Linux operating system. The discussion is centered around the technical aspects of the Linux kernel.
- Rust stalks IBM mainframes, but only in nightly form
IBM is bringing Rust support to its mainframe platform, allowing Rust code to be used in the Linux kernel on IBM mainframe hardware. This is made possible by a patch series submitted by Jan Polensky, which enables Rust support and adds required architecture glue. However, this support currently requires a nightly Rust compiler.
- Dirty Frag: Linux kernel hit by second major security flaw in two weeks
A second major security flaw has been found in the Linux kernel, allowing anyone with a basic account to gain full administrative control. This issue is located in the same area as the previous Copy Fail bug. The vulnerability can be exploited by attackers with basic account access.
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
A new Linux kernel vulnerability called Dirty Frag enables root access and is a successor to the Copy Fail flaw. The vulnerability is unpatched and has been reported to Linux kernel maintainers. It affects major Linux distributions.
- Linux 7.0 debuts as Linus Torvalds ponders AI's bug-finding powers and their impact on release process
Linux 7.0 has been released with official Rust support and code for legacy Alpha and SPARC CPUs. Linus Torvalds discusses AI's potential to revolutionize bug detection in software development processes.
- AI assistance when contributing to the Linux kernel
The article discusses the use of AI assistance in contributing to the Linux kernel, referencing documentation from the Linux kernel project and a Hacker News discussion. It highlights the integration of AI tools into the kernel's development process.
- Anthropic withholds Mythos Preview model because its hacking is too powerful
Anthropic is withholding its Mythos Preview model from public release due to concerns about its advanced hacking capabilities, which can identify and exploit thousands of vulnerabilities. The company is limiting access to selected tech and cybersecurity firms, while OpenAI is developing a similar model through its Trusted Access for Cyber program.
- Linux kernel maintainers are following through on removing Intel 486 support
Linux kernel maintainers, including Linus Torvalds, are removing support for Intel's 80486 processor in kernel version 7.1. This decision follows years of efforts to phase out outdated hardware support due to maintenance costs.
- Patch to end i486 support hits Linux kernel merge queue
The Linux kernel is set to end support for i486-class CPUs with the release of version 7.1 later this year, after a year of patch development. Maintainers have finalized the necessary changes to retire 486 architecture support.