{"id":238602,"date":"2026-06-09T02:38:03","date_gmt":"2026-06-09T07:38:03","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/06\/one-character-linux-kernel-flaw-enables-local-root-access-exploits-now-public"},"modified":"2026-06-09T02:38:03","modified_gmt":"2026-06-09T07:38:03","slug":"one-character-linux-kernel-flaw-enables-local-root-access-exploits-now-public","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/06\/one-character-linux-kernel-flaw-enables-local-root-access-exploits-now-public","title":{"rendered":"One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/one-character-linux-kernel-flaw-enables-local-root-access-exploits-now-public.jpg\"><\/a><\/p>\n<p>FuzzingLabs reproduced the bug on RHEL 10 ahead of Pwn2Own Berlin 2026, building its own root exploit by a different route. The timeline is tight: the fix shipped February 5, FuzzingLabs published April 16, and Exodus\u2019s detailed write-up landed June 8.<\/p>\n<p>The technique is now documented across Debian, Ubuntu, and Red Hat. Because the bug is in the mainline, any distribution that shipped a vulnerable kernel with both features enabled is exposed, unless a distribution\u2019s hardening or namespace restrictions block the path.<\/p>\n<p>CVE-2026\u201323111 lands in the middle of a heavy run of Linux local-root disclosures. Recent weeks have brought <a href=\"https:\/\/thehackernews.com\/2026\/04\/new-linux-copy-fail-vulnerability.html\">Copy Fail<\/a>, the <a href=\"https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html\">Dirty Frag<\/a> chain, its <a href=\"https:\/\/thehackernews.com\/2026\/05\/new-fragnesia-linux-kernel-lpe-grants.html\">Fragnesia<\/a> variant, <a href=\"https:\/\/thehackernews.com\/2026\/05\/dirtydecrypt-poc-released-for-linux.html\">DirtyDecrypt<\/a>, and a <a href=\"https:\/\/thehackernews.com\/2026\/05\/9-year-old-linux-kernel-flaw-enables.html\">nine-year-old ptrace flaw<\/a> that reads \/etc\/shadow and runs commands as root.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FuzzingLabs reproduced the bug on RHEL 10 ahead of Pwn2Own Berlin 2026, building its own root exploit by a different route. The timeline is tight: the fix shipped February 5, FuzzingLabs published April 16, and Exodus\u2019s detailed write-up landed June 8. The technique is now documented across Debian, Ubuntu, and Red Hat. Because the bug [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1523],"tags":[],"class_list":["post-238602","post","type-post","status-publish","format-standard","hentry","category-computing"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/238602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=238602"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/238602\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=238602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=238602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=238602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}