home.social

#privilegeescalation — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #privilegeescalation, aggregated by home.social.

  1. github.com/ghostwriter @[email protected] ·

    Patch immediately before public exploits emerge.

    drupal.org/sa-core-2026-004

    Affected:

    - 8.9.0 , < 10.4.10
    - 10.5.0 , < 10.5.10
    - 10.6.0 , < 10.6.9
    - 11.0.0 , < 11.1.10
    - 11.2.0 , < 11.2.12
    - 11.3.0 , < 11.3.10

    CVE-2026-9082 - Highly critical - SQL Injection
    CVE-2026-8495 - Missing Authorization
    CVE-2026-8493 - XSS
    CVE-2026-8492
    CVE-2026-8491

    #Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

    #drupal #php #cybersecurity #infosec #cve #websecurity
  2. github.com/ghostwriter @[email protected] ·

    Patch immediately before public exploits emerge.

    drupal.org/sa-core-2026-004

    Affected:

    - 8.9.0 , < 10.4.10
    - 10.5.0 , < 10.5.10
    - 10.6.0 , < 10.6.9
    - 11.0.0 , < 11.1.10
    - 11.2.0 , < 11.2.12
    - 11.3.0 , < 11.3.10

    CVE-2026-9082 - Highly critical - SQL Injection
    CVE-2026-8495 - Missing Authorization
    CVE-2026-8493 - XSS
    CVE-2026-8492
    CVE-2026-8491

    #Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

    #drupal #php #cybersecurity #infosec #cve #websecurity
  3. github.com/ghostwriter @[email protected] ·

    Patch immediately before public exploits emerge.

    drupal.org/sa-core-2026-004

    Affected:

    - 8.9.0 , < 10.4.10
    - 10.5.0 , < 10.5.10
    - 10.6.0 , < 10.6.9
    - 11.0.0 , < 11.1.10
    - 11.2.0 , < 11.2.12
    - 11.3.0 , < 11.3.10

    CVE-2026-9082 - Highly critical - SQL Injection
    CVE-2026-8495 - Missing Authorization
    CVE-2026-8493 - XSS
    CVE-2026-8492
    CVE-2026-8491

    #Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

    #xss #privilegeescalation #sqlinjection #postgresql #websecurity #cve
  4. github.com/ghostwriter @[email protected] ·

    Patch immediately before public exploits emerge.

    drupal.org/sa-core-2026-004

    Affected:

    - 8.9.0 , < 10.4.10
    - 10.5.0 , < 10.5.10
    - 10.6.0 , < 10.6.9
    - 11.0.0 , < 11.1.10
    - 11.2.0 , < 11.2.12
    - 11.3.0 , < 11.3.10

    CVE-2026-9082 - Highly critical - SQL Injection
    CVE-2026-8495 - Missing Authorization
    CVE-2026-8493 - XSS
    CVE-2026-8492
    CVE-2026-8491

    #Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

    #drupal #php #cybersecurity #infosec #cve #websecurity
  5. Tarnkappe.info @[email protected] ·

    📬 MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar
    #ITSicherheit #ChaoticEclipse #CVE202017103 #Microsoft #MiniPlasma #Patchmanagement #PrivilegeEscalation #Sicherheitslücke #SYSTEMRechte #Windows11 #WindowsZeroDay sc.tarnkappe.info/9841ba

    #itsicherheit #chaoticeclipse #cve202017103 #microsoft #miniplasma #patchmanagement
  6. Tarnkappe.info @[email protected] ·

    📬 MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar
    #ITSicherheit #ChaoticEclipse #CVE202017103 #Microsoft #MiniPlasma #Patchmanagement #PrivilegeEscalation #Sicherheitslücke #SYSTEMRechte #Windows11 #WindowsZeroDay sc.tarnkappe.info/9841ba

    #itsicherheit #chaoticeclipse #cve202017103 #microsoft #miniplasma #patchmanagement
  7. Tarnkappe.info @[email protected] ·

    📬 MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar
    #ITSicherheit #ChaoticEclipse #CVE202017103 #Microsoft #MiniPlasma #Patchmanagement #PrivilegeEscalation #Sicherheitslücke #SYSTEMRechte #Windows11 #WindowsZeroDay sc.tarnkappe.info/9841ba

    #itsicherheit #chaoticeclipse #cve202017103 #microsoft #miniplasma #patchmanagement
  8. Tarnkappe.info @[email protected] ·

    📬 MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar
    #ITSicherheit #ChaoticEclipse #CVE202017103 #Microsoft #MiniPlasma #Patchmanagement #PrivilegeEscalation #Sicherheitslücke #SYSTEMRechte #Windows11 #WindowsZeroDay sc.tarnkappe.info/9841ba

    #windowszeroday #windows11 #systemrechte #sicherheitslucke #privilegeescalation #patchmanagement
  9. Tarnkappe.info @[email protected] ·

    📬 MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar
    #ITSicherheit #ChaoticEclipse #CVE202017103 #Microsoft #MiniPlasma #Patchmanagement #PrivilegeEscalation #Sicherheitslücke #SYSTEMRechte #Windows11 #WindowsZeroDay sc.tarnkappe.info/9841ba

    #itsicherheit #chaoticeclipse #cve202017103 #microsoft #miniplasma #patchmanagement
  10. Krzysztof Kołacz @[email protected] ·

    AI znalazło lukę w macOS – dlaczego Mac nigdy nie będzie tak bezpieczny jak iOS?

    Firma Anthropic i badacze z firmy Calif użyli modelu AI Claude Mythos, żeby znaleźć nową lukę w macOS. Przy okazji Jason Snell z Six Colors tłumaczy, jak Apple od lat zaciska ochronę Maca, nie rezygnując z jego otwartości.

    AI znalazło lukę, zanim zrobili to złoczyńcy

    Jak informuje MacRumors na podstawie „The Wall Street Journal”, badacze z firmy cyberbezpieczeństwa Calif użyli modelu Claude Mythos Preview — najnowszego modelu Anthropic — do odkrycia nowej luki w macOS. Konkretnie: model pomógł napisać kod łączący dwie istniejące podatności systemowe w taki sposób, że powstał z nich exploit klasy privilege escalation, czyli umożliwiający nieuprawnione podwyższenie uprawnień w systemie.

    <p class="font-claude-response-body break-words whitespace-normal leading-1„>Żeby zrozumieć, dlaczego to istotne, trzeba wiedzieć, czym jest Memory Integrity Enforcement (MIE). To opracowany przez Apple sprzętowy system bezpieczeństwa pamięci, zbudowany na bazie specyfikacji Arm Memory Tagging Extension z 2019 roku. W skrócie: każdy blok pamięci otrzymuje tajny znacznik, a hardware weryfikuje, czy każde odwołanie do pamięci zawiera właściwy znacznik. Jeśli nie — aplikacja się zawiesza. Apple rozwijało MIE przez pięć lat i wdrożyło go w iPhone’ach 17 i iPhone Air, a następnie rozszerzyło na MacBooki z M5.

    <p class="font-claude-response-body break-words whitespace-normal leading-1„>Calif obeszło tę ochronę na M5 w pięć dni. Bruce Dang znalazł podatności 25 kwietnia. Dion Blazakis dołączył do zespołu 27 kwietnia. Josh Maine zbudował narzędzia, a 1 maja działający exploit był gotowy. Atak startuje z konta zwykłego użytkownika bez żadnych specjalnych uprawnień, korzysta wyłącznie ze standardowych wywołań systemowych i kończy się uzyskaniem dostępu do powłoki roota — czyli pełnej kontroli nad systemem.

    <p class="font-claude-response-body break-words whitespace-normal leading-1„>Calif zaznacza, że Mythos Preview był kluczowym wsparciem na każdym etapie: szybko zidentyfikował podatności należące do znanych klas błędów, a potem pomagał przez cały proces budowania exploita. Jednocześnie badacze przyznają, że autonomiczne ominięcie MIE wymagało ludzkiej ekspertyzy — AI samo tego nie zrobiłoby. Badacze zastrzegają, że samo AI nie wystarczyłoby — do przeprowadzenia całości konieczna była ich własna ekspercka wiedza. Niemniej przypadek ten potwierdza, że modele językowe mogą skutecznie asystować w znajdowaniu podatności w oprogramowaniu, co jest zarówno dobrą, jak i niepokojącą wiadomością — zależy, kto z tego korzysta.

    Anthropic uruchomiło projekt o nazwie Glasswing, który umożliwia firmom technologicznym, w tym Apple, korzystanie z Claude Mythos Preview do szukania luk bezpieczeństwa w systemach operacyjnych i przeglądarkach. Znaleziona przez Calif podatność dotyczyła jądra systemu — i co ciekawe, w notatkach do aktualizacji macOS 26.5, którą Apple wydało w tym tygodniu, pojawia się wzmianka o naprawionej luce kernelowej z podziękowaniem właśnie dla Calif i Anthropic. The Wall Street Journal jednak sugeruje, że spotkanie Calif z Apple odbyło się dopiero w tym tygodniu i poprawka może jeszcze nie być wdrożona. Apple poinformowało, że analizuje raport firmy Calif.

    Puenta jest jednak wyraźna: mały zespół z dostępem do najlepszego modelu AI jest w stanie w tydzień pokonać zabezpieczenie, które kosztowało Apple lata pracy i prawdopodobnie miliardy dolarów.

    Mac nigdy nie będzie tak bezpieczny jak iOS — i dobrze

    To dobry moment, żeby sięgnąć po opublikowaną tego samego dnia analizę Jasona Snella z Six Colors, która nadaje całej historii szerszy kontekst.

    Snell pisze, że Mac z założenia jest platformą otwartą — możesz na nim uruchomić dowolny kod z dowolnego źródła — i to jest coś, co sprawia, że Mac jest Makiem. Jednocześnie ta otwartość czyni go bardziej podatnym niż iOS, gdzie Apple kontroluje każdy fragment oprogramowania przez podpisywanie kodu, App Store i notaryzację. Od lat Apple prowadzi na macOS swoistą grę w krecika ze złośliwym oprogramowaniem: kiedy jedno wyjście zostaje zablokowane, scammerzy szukają kolejnego.

    Kiedy Apple utrudniło instalowanie nienotaryzowanych aplikacji, scammerzy zaczęli instruować użytkowników, jak ominąć ostrzeżenia. Kiedy Apple utrudniło to do granic możliwości, przenieśli się do Terminala — i właśnie dlatego macOS 26.4 wprowadził ostrzeżenia przy wklejaniu kodu do Terminala, z inteligentnym mechanizmem rozpoznającym, czy użytkownik jest programistą (i wtedy ostrzeżenie jest mniej natrętne), czy zwykłym użytkownikiem (i wtedy blokada jest surowsza). Sprawdzane są też złośliwe skrypty AppleScript.

    Do tego Apple przez ostatnie lata coraz mocniej kryptograficznie podpisuje partycje systemowe, ograniczyło uprawnienia kont administratorskich, wprowadza aktualizacje bezpieczeństwa w tle między normalnymi aktualizacjami systemu i — od macOS 26.4 — obowiązkowo synchronizuje klucze FileVault przez iCloud.

    Snell kończy optymistycznie: jeśli scammerzy zeszli do poziomu nakłaniania użytkowników do wklejania kodu w Terminal, to być może po latach zaciskania śruby Apple sprawiło, że instalowanie złośliwego oprogramowania na Maku stało się po prostu za trudne dla przeciętnego oszusta. I że obietnica złożona przez przedstawiciela Apple na WWDC w 2018 roku — że użytkownicy Maka zawsze będą mogli uruchomić dowolny kod — wciąż jest dotrzymana.

    #Anthropic #Bezpieczeństwo #ClaudeMythos #FileVault #Gatekeeper #JasonSnell #lukaBezpieczeństwa #macOS #macOSTahoe265 #notaryzacja #privilegeEscalation #ProjectGlasswing #SixColors #terminal
    #anthropic #bezpieczenstwo #claudemythos #filevault #gatekeeper #jasonsnell
  11. Analyst207 @[email protected] ·

    Linux Flaw Exposes Systems to Root Privilege Attacks

    A newly discovered Linux kernel vulnerability, dubbed Fragnasia, allows hackers to gain root privileges and take control of your system - and it's been hiding in plain sight in all Linux kernels released before May 13, 2026. This high-severity flaw lets unprivileged attackers write malicious code into read-only files, giving…

    osintsights.com/linux-flaw-exp

    #LinuxKernelVulnerability #Cve202646300 #Fragnesia #EmergingThreats #PrivilegeEscalation

    #linuxkernelvulnerability #cve202646300 #fragnesia #emergingthreats #privilegeescalation
  12. PrivacyDigest @[email protected] ·

    #Fragnesia Made Public As Latest #Linux Local #PrivilegeEscalation #Vulnerability

    A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the #kernel page cache of read-only files through a separate ESP/XFRM logic bug.
    #dirtyfrag #security

    linux.slashdot.org/story/26/05

    #security #dirtyfrag #kernel #vulnerability #privilegeescalation #linux
  13. PrivacyDigest @[email protected] ·

    #Fragnesia Made Public As Latest #Linux Local #PrivilegeEscalation #Vulnerability

    A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the #kernel page cache of read-only files through a separate ESP/XFRM logic bug.
    #dirtyfrag #security

    linux.slashdot.org/story/26/05

    #security #dirtyfrag #kernel #vulnerability #privilegeescalation #linux
  14. PrivacyDigest @[email protected] ·

    #Fragnesia Made Public As Latest #Linux Local #PrivilegeEscalation #Vulnerability

    A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the #kernel page cache of read-only files through a separate ESP/XFRM logic bug.
    #dirtyfrag #security

    linux.slashdot.org/story/26/05

    #security #dirtyfrag #kernel #vulnerability #privilegeescalation #linux
  15. PrivacyDigest @PrivacyDigest ·

    Made Public As Latest Local

    A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the page cache of read-only files through a separate ESP/XFRM logic bug.

    linux.slashdot.org/story/26/05

    #security #dirtyfrag #kernel #vulnerability #privilegeescalation #linux
  16. PrivacyDigest @[email protected] ·

    #Fragnesia Made Public As Latest #Linux Local #PrivilegeEscalation #Vulnerability

    A new Linux local privilege escalation flaw called Fragnesia has been disclosed as a Dirty Frag-like vulnerability, allowing arbitrary byte writes into the #kernel page cache of read-only files through a separate ESP/XFRM logic bug.
    #dirtyfrag #security

    linux.slashdot.org/story/26/05

    #security #dirtyfrag #kernel #vulnerability #privilegeescalation #linux
  17. Analyst207 @[email protected] ·

    Linux Defenders Scramble to Outpace Exploit Cycle

    Linux defenders are racing against the clock to outmaneuver exploiters, with one maintainer proposing a temporary "kill switch" to disable vulnerable kernel functions until a proper patch can be developed. This stopgap solution aims to buy crucial time between vulnerability discovery and patch release.

    osintsights.com/linux-defender

    #LinuxKernelExploit #EmergingThreats #Cve202643284 #PrivilegeEscalation #VulnerabilityManagement

    #linuxkernelexploit #emergingthreats #cve202643284 #privilegeescalation #vulnerabilitymanagement
  18. Analyst207 @[email protected] ·

    Linux Defenders Scramble to Outpace Exploit Cycle

    Linux defenders are racing against the clock to outmaneuver exploiters, with one maintainer proposing a temporary "kill switch" to disable vulnerable kernel functions until a proper patch can be developed. This stopgap solution aims to buy crucial time between vulnerability discovery and patch release.

    osintsights.com/linux-defender

    #LinuxKernelExploit #EmergingThreats #Cve202643284 #PrivilegeEscalation #VulnerabilityManagement

    #linuxkernelexploit #emergingthreats #cve202643284 #privilegeescalation #vulnerabilitymanagement
  19. Analyst207 @[email protected] ·

    Attackers Exploit AD CS for Stealthy Privilege Escalation

    Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often…

    osintsights.com/attackers-expl

    #ActiveDirectoryCertificateServices #PrivilegeEscalation #Cve202226923 #SocialEngineering #StealthyThreats

    #activedirectorycertificateservices #privilegeescalation #cve202226923 #socialengineering #stealthythreats
  20. Analyst207 @[email protected] ·

    Attackers Exploit AD CS for Stealthy Privilege Escalation

    Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often…

    osintsights.com/attackers-expl

    #ActiveDirectoryCertificateServices #PrivilegeEscalation #Cve202226923 #SocialEngineering #StealthyThreats

    #activedirectorycertificateservices #privilegeescalation #cve202226923 #socialengineering #stealthythreats
  21. N-gated Hacker News @[email protected] ·

    🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙‍♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
    freebsd.org/security/advisorie #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated

    #bug #freebsd #privilegeescalation #securityfix #hackernews #califio
  22. N-gated Hacker News @[email protected] ·

    🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙‍♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
    freebsd.org/security/advisorie #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated

    #bug #freebsd #privilegeescalation #securityfix #hackernews #califio
  23. N-gated Hacker News @[email protected] ·

    🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙‍♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
    freebsd.org/security/advisorie #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated

    #bug #freebsd #privilegeescalation #securityfix #hackernews #califio
  24. N-gated Hacker News @[email protected] ·

    🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙‍♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
    freebsd.org/security/advisorie #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated

    #ngated #califio #hackernews #securityfix #privilegeescalation #freebsd
  25. N-gated Hacker News @[email protected] ·

    🚨 Oh no, not another "all versions" #bug in FreeBSD! 🎉 Apparently, executing a program in your own system is now a privilege escalation 🧙‍♂️✨ Bravo to FreeBSD's stellar security team for fixing a problem that they didn't know existed until Ryan from Calif.io came along to enlighten them. 🙃🔒
    freebsd.org/security/advisorie #FreeBSD #PrivilegeEscalation #SecurityFix #HackerNews #Califio #HackerNews #ngated

    #bug #freebsd #privilegeescalation #securityfix #hackernews #califio
  26. morrolinux @[email protected] ·

    Come funzionano le vulnerabilità di #PrivilegeEscalation #Linux basate su corruzione della Cache? (#CopyFail, #DirtyFrag, #DirtyPipe)

    youtu.be/1rbvUpTI_OY

    #privilegeescalation #linux #copyfail #dirtyfrag #dirtypipe
  27. morrolinux @[email protected] ·

    Come funzionano le vulnerabilità di #PrivilegeEscalation #Linux basate su corruzione della Cache? (#CopyFail, #DirtyFrag, #DirtyPipe)

    youtu.be/1rbvUpTI_OY

    #privilegeescalation #linux #copyfail #dirtyfrag #dirtypipe
  28. morrolinux @[email protected] ·

    Come funzionano le vulnerabilità di #PrivilegeEscalation #Linux basate su corruzione della Cache? (#CopyFail, #DirtyFrag, #DirtyPipe)

    youtu.be/1rbvUpTI_OY

    #privilegeescalation #linux #copyfail #dirtyfrag #dirtypipe
  29. morrolinux @[email protected] ·

    Come funzionano le vulnerabilità di #PrivilegeEscalation #Linux basate su corruzione della Cache? (#CopyFail, #DirtyFrag, #DirtyPipe)

    youtu.be/1rbvUpTI_OY

    #dirtypipe #dirtyfrag #copyfail #linux #privilegeescalation
  30. morrolinux @[email protected] ·

    Come funzionano le vulnerabilità di #PrivilegeEscalation #Linux basate su corruzione della Cache? (#CopyFail, #DirtyFrag, #DirtyPipe)

    youtu.be/1rbvUpTI_OY

    #privilegeescalation #linux #copyfail #dirtyfrag #dirtypipe
  31. Michael J Burgess @[email protected] ·

    Copy Fail Linux Privilege

    Copy Fail is a Linux kernel privilege escalation flaw. Learn who may be affected, why it matters, and how to update safely.

    beitmenotyou.online/copy-fail-

    #copyfail #cve202631431 #debiansecurity #linuxkernelvulnerability #linuxsecurity #linuxupdates
  32. Michael J Burgess @[email protected] ·

    Copy Fail Linux Privilege

    Copy Fail is a Linux kernel privilege escalation flaw. Learn who may be affected, why it matters, and how to update safely.

    beitmenotyou.online/copy-fail-

    #copyfail #cve202631431 #debiansecurity #linuxkernelvulnerability #linuxsecurity #linuxupdates
  33. data0 @[email protected] ·

    And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

    #ipsec #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin
  34. data0 @[email protected] ·

    And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

    #ipsec #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin
  35. data0 @[email protected] ·

    And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

    #ipsec #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin
  36. data0 @[email protected] ·

    And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

    #donaldbyrd #electricboogaloo #copyfail2 #exploit #sysadmin #linuxadmin
  37. data0 @[email protected] ·

    And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

    #ipsec #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin
  38. data0 @[email protected] ·

    Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

    #privilegeescalation #linux #dirtyfrag #vulnerability #linuxadmin #sysadmin
  39. data0 @[email protected] ·

    Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

    #privilegeescalation #linux #dirtyfrag #vulnerability #linuxadmin #sysadmin
  40. data0 @[email protected] ·

    Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

    #privilegeescalation #linux #dirtyfrag #vulnerability #linuxadmin #sysadmin
  41. data0 @[email protected] ·

    Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

    #exploit #sysadmin #linuxadmin #vulnerability #dirtyfrag #linux
  42. data0 @[email protected] ·

    Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

    #privilegeescalation #linux #dirtyfrag #vulnerability #linuxadmin #sysadmin
  43. Tomas Ekeli @[email protected] ·

    Ah, here we go again

    github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

    #DirtyFrag #Linux #Kernel #Security #PrivilegeEscalation #bug

    #dirtyfrag #linux #kernel #security #privilegeescalation #bug
  44. Tomas Ekeli @[email protected] ·

    Ah, here we go again

    github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

    #DirtyFrag #Linux #Kernel #Security #PrivilegeEscalation #bug

    #dirtyfrag #linux #kernel #security #privilegeescalation #bug
  45. Tomas Ekeli @[email protected] ·

    Ah, here we go again

    github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

    #DirtyFrag #Linux #Kernel #Security #PrivilegeEscalation #bug

    #dirtyfrag #linux #kernel #security #privilegeescalation #bug
  46. Tomas Ekeli @[email protected] ·

    Ah, here we go again

    github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

    #DirtyFrag #Linux #Kernel #Security #PrivilegeEscalation #bug

    #bug #privilegeescalation #security #kernel #linux #dirtyfrag
  47. Tomas Ekeli @[email protected] ·

    Ah, here we go again

    github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

    #DirtyFrag #Linux #Kernel #Security #PrivilegeEscalation #bug

    #dirtyfrag #linux #kernel #security #privilegeescalation #bug
  48. Alexandra Beekers 🏳️‍🌈🌍 @[email protected] ·

    #DirtyFrag — No Patch, No Warning — Root Access on Every Major #Linux distro.
    #cybersecurity #vulnerability #PrivilegeEscalation
    cyberkendra.com/2026/05/dirty-

    #dirtyfrag #linux #cybersecurity #vulnerability #privilegeescalation
  49. Alexandra Beekers 🏳️‍🌈🌍 @[email protected] ·

    #DirtyFrag — No Patch, No Warning — Root Access on Every Major #Linux distro.
    #cybersecurity #vulnerability #PrivilegeEscalation
    cyberkendra.com/2026/05/dirty-

    #dirtyfrag #linux #cybersecurity #vulnerability #privilegeescalation
  50. Alexandra Beekers 🏳️‍🌈🌍 @[email protected] ·

    #DirtyFrag — No Patch, No Warning — Root Access on Every Major #Linux distro.
    #cybersecurity #vulnerability #PrivilegeEscalation
    cyberkendra.com/2026/05/dirty-

    #privilegeescalation #vulnerability #cybersecurity #linux #dirtyfrag