#lpe — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #lpe, aggregated by home.social.
-
📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE
🌐 cyber[.]netsecops[.]io
-
📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE
🌐 cyber[.]netsecops[.]io
-
Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?
It's feeling like that time again...
-
Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?
It's feeling like that time again...
-
Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?
It's feeling like that time again...
-
Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?
It's feeling like that time again...
-
🚨 CVE-2026-31635 (DirtyDecrypt / DirtyCBC)
rxrpc: fix oversized RESPONSE authenticator length check
rxgk_verify_response() decodes auth_len from the packet and is supposed
to verify that it fits in the remaining bytes. The existing check is
inverted, so oversized RESPONSE authenticators are accepted and passed
to rxgk_decrypt_skb(), which can later reach skb_to_sgvec() with an
impossible length and hit BUG_ON(len).ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31635
#nttdata #zen #secdb #infosec
#dirtydecrypt #dirtycbc #linux #kernel #lpe #cve202631635 -
🚨 CVE-2026-31635 (DirtyDecrypt / DirtyCBC)
rxrpc: fix oversized RESPONSE authenticator length check
rxgk_verify_response() decodes auth_len from the packet and is supposed
to verify that it fits in the remaining bytes. The existing check is
inverted, so oversized RESPONSE authenticators are accepted and passed
to rxgk_decrypt_skb(), which can later reach skb_to_sgvec() with an
impossible length and hit BUG_ON(len).ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31635
#nttdata #zen #secdb #infosec
#dirtydecrypt #dirtycbc #linux #kernel #lpe # cve202631635 -
I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin
-
I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin
-
I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin
-
I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin
-
I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin
-
A fresh one
https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft
No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely -
A fresh one
https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft
No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely -
A fresh one
https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft
No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely -
A fresh one
https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft
No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely -
A fresh one
https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft
No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely -
New vulnerability affecting #ArchLinux: https://www.openwall.com/lists/oss-security/2026/05/19/6
Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
-
New vulnerability affecting #ArchLinux: https://www.openwall.com/lists/oss-security/2026/05/19/6
Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
-
New vulnerability affecting #ArchLinux: https://www.openwall.com/lists/oss-security/2026/05/19/6
Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
-
New vulnerability affecting #ArchLinux: https://www.openwall.com/lists/oss-security/2026/05/19/6
Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
-
New vulnerability affecting #ArchLinux: https://www.openwall.com/lists/oss-security/2026/05/19/6
Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf
-
📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE
🌐 cyber[.]netsecops[.]io
-
📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE
🌐 cyber[.]netsecops[.]io
-
📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE
🌐 cyber[.]netsecops[.]io
-
I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.
Then again why at that point disclose at all and not just keep the zero-day to yourself.
-
I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.
Then again why at that point disclose at all and not just keep the zero-day to yourself.
-
I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.
Then again why at that point disclose at all and not just keep the zero-day to yourself.
-
I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.
Then again why at that point disclose at all and not just keep the zero-day to yourself.
-
A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Well, after reading "Integrated By Design", Vivian Voss's book...
...it's clear why. IMO the book is a must if you are working with #linux
or starting with #bsd #freeBSD #openbsd #ghostbsd -
A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Well, after reading "Integrated By Design", Vivian Voss's book...
...it's clear why. IMO the book is a must if you are working with #linux
or starting with #bsd #freeBSD #openbsd #ghostbsd -
A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Well, after reading "Integrated By Design", Vivian Voss's book...
...it's clear why. IMO the book is a must if you are working with #linux
or starting with #bsd #freeBSD #openbsd #ghostbsd -
A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Well, after reading "Integrated By Design", Vivian Voss's book...
...it's clear why. IMO the book is a must if you are working with #linux
or starting with #bsd #freeBSD #openbsd #ghostbsd