{"id":254341,"date":"2026-05-24T16:15:00","date_gmt":"2026-05-24T20:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/24\/another-serious-linux-local-privesc-bug-surfaces\/"},"modified":"2026-05-24T16:30:11","modified_gmt":"2026-05-24T20:30:11","slug":"another-serious-linux-local-privesc-bug-surfaces","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/24\/another-serious-linux-local-privesc-bug-surfaces\/","title":{"rendered":"Another serious Linux local privesc bug surfaces"},"content":{"rendered":"<p><a href=\"https:\/\/www.itnews.com.au\/news\/another-serious-linux-local-privesc-bug-surfaces-626091\">Another serious Linux local privesc bug surfaces<\/a><\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/another-serious-linux-local-privesc-bug-surfaces-626091\">https:\/\/www.itnews.com.au\/news\/another-serious-linux-local-privesc-bug-surfaces-626091<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-24 16:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.itnews.com.au\">www.itnews.com.au<\/a><\/p>\n<p>Cyber security vendor Qualys has found a logic bug in the Linux kernel which, if exploited, can be abused to escalate standard user privileges to those of the root superuser with full administrative system rights.<\/p>\n<p>Qualys said the flaw was introduced into the Linux kernel in November 2016, and has been present ever since.<\/p>\n<p>It abuses a kernel function, __ptrace_may_access() that controls if one process can inspect another one, and is a logic bug, that is exploitable with a race condition for local privilege escalation, as well as information disclosure.<\/p>\n<p>In its advisory for the vulnerability, indexed as CVE-2026-46333, Qualys included four proofs-of-concept (PoCs).<\/p>\n<p>The security vendor showed how PoCs could be used by unprivileged local attackers to read password hashes, steal secure shell (SSH) keys, and to run arbitrary commands as root.<\/p>\n<p>Qualys confirmed that the exploits work on default installations of Linux distributions Debian 13, Ubuntu 24.04 and 26.04, and Fedora 43 and 44.<\/p>\n<p>Following a report from Qualys, a patch was issued for the Linux kernel.<\/p>\n<p>While the vulnerability requires local system access, Qualys Threat Research Unit senior manager Saeed Abbasi said its impact is severe.<\/p>\n<p>&#8220;Local does not mean low priority,&#8221; Abbasi said.<\/p>\n<p>&#8220;Any unprivileged shell on a vulnerable host is enough to read \/etc\/shadow, exfiltrate SSH host private keys, or execute arbitrary commands as root through hijacked dbus connections to systemd,&#8221; he added.<\/p>\n<p>Abbasi said the vulnerable code, which has shipped in mainline Linux kernels since November 2016, created historical exposure that&#8230;<\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/another-serious-linux-local-privesc-bug-surfaces-626091\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another serious Linux local privesc bug surfaces https:\/\/www.itnews.com.au\/news\/another-serious-linux-local-privesc-bug-surfaces-626091 Publish Date: 2026-05-24 16:15:00 Source Domain: www.itnews.com.au&#8230;<\/p>\n","protected":false},"author":1,"featured_media":254344,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/i.nextmedia.com.au\/News\/CRN_690_penguins_linux.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,91,97,89,71,57,79,27],"class_list":["post-254341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-debian","tag-fedora","tag-flaw","tag-linux","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254341"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=254341"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254341\/revisions"}],"predecessor-version":[{"id":254347,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/254341\/revisions\/254347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/254344"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=254341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=254341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=254341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}