When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works .
The vulnerability resides in the Linux kernel‘s “algif_aead” cryptographic interface and allows unprivileged local users to escalate privileges to root. In practice, this means an attacker with limited access to a system can gain full administrative control.
Security researchers at Theori disclosed the flaw publicly last week, releasing a working proof-of-concept exploit alongside their findings. According to the team, the exploit is “100% reliable” and functions without modification across multiple major Linux distributions, including Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. That level of portability is unusual and lowers the barrier for attackers seeking to weaponize the bug.
You may like Zero-day exploit instantly grants administrator access on most Linux distributions since 2017 Linux 7.0 launches with enablement for Intel Nova Lake, AMD Zen 6 Anthropic's Model Context Protocol includes a critical remote code execution vulnerability At a technical level, the bug enables attackers to write controlled data into the kernel‘s page cache, a low-level memory structure, ultimately allowing privilege escalation. While the exploit requires local access, it still allows attackers to break out of standard user restrictions and gain full control of the system.
Compounding the risk, a discussion on the Openwall oss-security mailing list suggests that the vulnerability and the working exploit were publicly disclosed without prior coordination with Linux distribution maintainers. In typical responsible disclosure processes, vendors are given advance notice to prepare and distribute patches before technical details are made public.
In this case, however, maintainers indicated that no such heads-up was provided, leaving some distributions without fixes ready at the time of disclosure. One contributor noted that older long-term support kernel branches had yet to receive backported patches, forcing developers to rely on temporary mitigations, including disabling affected cryptographic modules.
The result is a compressed response window in which defenders must scramble to deploy updates while attackers can immediately leverage publicly available exploit code.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/software/linux/SPONSORED_LINK_URL
- https://www.tomshardware.com/software/linux/cisa-flags-actively-exploited-copy-fail-linux-kernel-flaw-enabling-root-takeover-across-major-distros-unpatched-systems-may-remain-vulnerable-to-attack#main
- https://www.tomshardware.com
- Enthusiast creates Peltier thermoelectric cooler from scratch — impressive rig uses two 360mm AIOs, homemade DC controllers, and a custom loop
- Redditor gambles $20 on a 4TB Temu external HDD — receives a microSD card reader hot-glued inside a plastic box
- Slimline Commodore 64C Ultimate Edition computers go up for pre-order — firm reintroduces the C64’s sleeker 1986-1994 styling across the range
- A suspected YouTube interface bug spikes RAM usage above 7 gigabytes, users report severe lag and frozen tabs — bug might be trapping browsers in an endless lay
- NVIDIA and Google Cloud Collaborate to Advance Agentic and Physical AI
Informational only. No financial advice. Do your own research.