home.social

#lpe — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lpe, aggregated by home.social.

  1. 📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control

    ⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/mi

  2. 📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control

    ⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/mi

  3. Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?

    It's feeling like that time again...

    #linux #security #lpe

  4. Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?

    It's feeling like that time again...

    #linux #security #lpe

  5. Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?

    It's feeling like that time again...

    #linux #security #lpe

  6. Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?

    It's feeling like that time again...

  7. Anyone remember circa 2008-2010 or so there was a period of a lot of Linux LPEs, e.g. vmsplice, but also mremap and half-nelson/full-nelson?

    It's feeling like that time again...

    #linux #security #lpe

  8. 🚨 CVE-2026-31635 (DirtyDecrypt / DirtyCBC)

    rxrpc: fix oversized RESPONSE authenticator length check

    rxgk_verify_response() decodes auth_len from the packet and is supposed
    to verify that it fits in the remaining bytes. The existing check is
    inverted, so oversized RESPONSE authenticators are accepted and passed
    to rxgk_decrypt_skb(), which can later reach skb_to_sgvec() with an
    impossible length and hit BUG_ON(len).

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #dirtydecrypt #dirtycbc #linux #kernel #lpe #cve202631635

  9. 🚨 CVE-2026-31635 (DirtyDecrypt / DirtyCBC)

    rxrpc: fix oversized RESPONSE authenticator length check

    rxgk_verify_response() decodes auth_len from the packet and is supposed
    to verify that it fits in the remaining bytes. The existing check is
    inverted, so oversized RESPONSE authenticators are accepted and passed
    to rxgk_decrypt_skb(), which can later reach skb_to_sgvec() with an
    impossible length and hit BUG_ON(len).

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #dirtydecrypt #dirtycbc #linux #kernel #lpe # cve202631635

  10. I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin

  11. I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin

  12. I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin

  13. I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin

  14. I'm starting to wonder if this steady drip-drip of #LPE vulnerability releases isn't a kind of Denial-of-Sysadmin attack, in which people get so exhausted from mitigating yesterday's LPE only to find a new one today that they basically start to run out of spoons and leave their systems vulnerable. #sysadmin

  15. A fresh one

    github.com/v12-security/pocs/t

    No major distro is currently default-exposed to this PoC as written:
    - anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
    - enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

  16. A fresh one

    github.com/v12-security/pocs/t

    No major distro is currently default-exposed to this PoC as written:
    - anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
    - enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

    #LPE #pintheft

  17. A fresh one

    github.com/v12-security/pocs/t

    No major distro is currently default-exposed to this PoC as written:
    - anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
    - enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

    #LPE #pintheft

  18. A fresh one

    github.com/v12-security/pocs/t

    No major distro is currently default-exposed to this PoC as written:
    - anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
    - enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

    #LPE #pintheft

  19. A fresh one

    github.com/v12-security/pocs/t

    No major distro is currently default-exposed to this PoC as written:
    - anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
    - enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

    #LPE #pintheft

  20. New vulnerability affecting #ArchLinux: openwall.com/lists/oss-securit

    Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf

    #Linux #security #PinTheft #LPE

  21. New vulnerability affecting #ArchLinux: openwall.com/lists/oss-securit

    Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf

    #Linux #security #PinTheft #LPE

  22. New vulnerability affecting #ArchLinux: openwall.com/lists/oss-securit

    Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf

    #Linux #security #PinTheft #LPE

  23. New vulnerability affecting #ArchLinux: openwall.com/lists/oss-securit

    Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf

    #Linux #security #PinTheft #LPE

  24. New vulnerability affecting #ArchLinux: openwall.com/lists/oss-securit

    Mitigation: rmmod rds_tcp rds; printf 'install rds /bin/false\ninstall rds_tcp /bin/false\n' > /etc/modprobe.d/pintheft.conf

    #Linux #security #PinTheft #LPE

  25. 📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control

    ⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/mi

  26. 📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control

    ⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/mi

  27. 📰 New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control

    ⚠️ Unpatched Windows zero-day 'MiniPlasma' grants full SYSTEM access! A regression of a 2020 flaw, the PoC exploit works on fully patched Win11 systems. No patch available. #Windows11 #ZeroDay #CyberSecurity #LPE

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/mi

  28. I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.

    Then again why at that point disclose at all and not just keep the zero-day to yourself.

  29. I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.

    Then again why at that point disclose at all and not just keep the zero-day to yourself.

    #lpe #linux #security

  30. I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.

    Then again why at that point disclose at all and not just keep the zero-day to yourself.

    #lpe #linux #security

  31. I am wondering if the slow but steady release of all these LPE (Local Privilege Escalation) bugs is an attempt to exhaust sysadmins teams worldwide and gain an opportunity to exploit despite looking as response disclosure.

    Then again why at that point disclose at all and not just keep the zero-day to yourself.

    #lpe #linux #security

  32. And because one or two #LPEs per week is not enough, here's your daily dose of #Linux #LPE. This one goes back to at least kernel 5.10. No real mitigations to apply this time.

    github.com/0xdeadbeefnetwork/s

  33. And because one or two #LPEs per week is not enough, here's your daily dose of #Linux #LPE. This one goes back to at least kernel 5.10. No real mitigations to apply this time.

    github.com/0xdeadbeefnetwork/s

  34. And because one or two #LPEs per week is not enough, here's your daily dose of #Linux #LPE. This one goes back to at least kernel 5.10. No real mitigations to apply this time.

    github.com/0xdeadbeefnetwork/s

  35. And because one or two #LPEs per week is not enough, here's your daily dose of #Linux #LPE. This one goes back to at least kernel 5.10. No real mitigations to apply this time.

    github.com/0xdeadbeefnetwork/s

  36. And because one or two #LPEs per week is not enough, here's your daily dose of #Linux #LPE. This one goes back to at least kernel 5.10. No real mitigations to apply this time.

    github.com/0xdeadbeefnetwork/s

  37. A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.

    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.

    thehackernews.com/2026/05/linu

    Well, after reading "Integrated By Design", Vivian Voss's book...

    shorturl.at/8v8W0

    ...it's clear why. IMO the book is a must if you are working with #linux
    or starting with #bsd #freeBSD #openbsd #ghostbsd

    #security #vulnerability #hacking #lpe

  38. A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.

    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.

    thehackernews.com/2026/05/linu

    Well, after reading "Integrated By Design", Vivian Voss's book...

    shorturl.at/8v8W0

    ...it's clear why. IMO the book is a must if you are working with #linux
    or starting with #bsd #freeBSD #openbsd #ghostbsd

    #security #vulnerability #hacking #lpe

  39. A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.

    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.

    thehackernews.com/2026/05/linu

    Well, after reading "Integrated By Design", Vivian Voss's book...

    shorturl.at/8v8W0

    ...it's clear why. IMO the book is a must if you are working with #linux
    or starting with #bsd #freeBSD #openbsd #ghostbsd

    #security #vulnerability #hacking #lpe

  40. A new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.

    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions.

    thehackernews.com/2026/05/linu

    Well, after reading "Integrated By Design", Vivian Voss's book...

    shorturl.at/8v8W0

    ...it's clear why. IMO the book is a must if you are working with #linux
    or starting with #bsd #freeBSD #openbsd #ghostbsd

    #security #vulnerability #hacking #lpe