* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, July 9, 2026
Earth-News
  • Home
  • Business
  • Entertainment

    Annex Theatre Collective: Unearthing Onstage Treasures for Over 40 Years

    From Michelle Obama To Cardi B, Keke & Brandy & Monica, This Is Your Guide To Celebs At Essence Fest – Refinery29

    Rogers agrees to take 100% ownership of Maple Leaf Sports & Entertainment – Field Level Media

    Minions & Monsters: A Witty Comedy That Playfully Dives into Movie History

    Transforming Saint Paul’s Entertainment Complex into a Thriving Hub for the Future

    Get Ready for an Unforgettable Live Entertainment Lineup at Struthers’ Big Boy Train Celebration!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology

    QuantumDiamonds Raises €91 Million to Transform Quantum Chip Inspection Technology

    Why Micron Technology (MU) Is the AI Stock Everyone’s Talking About, Backed by Billionaire Jeffrey Talpins

    OPM’s HR Systems Award Sparks Fresh Wave of Protests

    Persol Cross Technology Lands Major Digital Talent Deal

    How GetSetUp Classes Transformed Seniors’ Tech Skills, Medicare Knowledge, and Social Lives

    Who owns Micron Technology? A look at its top investors – Yahoo Finance

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment

    Annex Theatre Collective: Unearthing Onstage Treasures for Over 40 Years

    From Michelle Obama To Cardi B, Keke & Brandy & Monica, This Is Your Guide To Celebs At Essence Fest – Refinery29

    Rogers agrees to take 100% ownership of Maple Leaf Sports & Entertainment – Field Level Media

    Minions & Monsters: A Witty Comedy That Playfully Dives into Movie History

    Transforming Saint Paul’s Entertainment Complex into a Thriving Hub for the Future

    Get Ready for an Unforgettable Live Entertainment Lineup at Struthers’ Big Boy Train Celebration!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology

    QuantumDiamonds Raises €91 Million to Transform Quantum Chip Inspection Technology

    Why Micron Technology (MU) Is the AI Stock Everyone’s Talking About, Backed by Billionaire Jeffrey Talpins

    OPM’s HR Systems Award Sparks Fresh Wave of Protests

    Persol Cross Technology Lands Major Digital Talent Deal

    How GetSetUp Classes Transformed Seniors’ Tech Skills, Medicare Knowledge, and Social Lives

    Who owns Micron Technology? A look at its top investors – Yahoo Finance

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

March 30, 2024
in Technology
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
Share on FacebookShare on Twitter

A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. 

Running the exploit as a normal user on a vulnerable machine will grant you root access to the box, allowing you to do whatever you want on it. This can be used by rogue insiders or malware already on a computer to cause further damage and problems.

This affects Debian, Ubuntu, Red Hat, Fedora, and no doubt other Linux distributions. The flaw finder, known by the handle Notselwyn, issued a highly detailed technical report of the bug this week, and said their exploit had a success rate of 99.4 percent on kernel 6.4.16, for instance.

The vulnerability is tracked as CVE-2024-1086. It is rated 7.8 out of 10 in terms of CVSS severity. It was patched at the end of January, updates have been rolling out since then, and if you haven’t yet upgraded your vulnerable kernel and local privilege escalation (LPE) is a concern, take a closer look at this thing.

“Never had I ever gotten so much joy developing a project, specifically when dropping the first root shell with the bug,” Notselwyn enthused.

The flaw is a double-free bug in the Linux kernel’s netfilter component involving nf_tables. As the US National Vulnerability Database explained:

All of that can lead to a crash or arbitrary code execution in the kernel upon exploitation. Before heading out for the Easter weekend we’d suggest patching first, again if LPE is a critical issue for you, so the only headache that greets you on Monday morning is pain from too much chocolate.

JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

Nvidia’s newborn ChatRTX bot patched for security bugs

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

In their analysis, Notselwyn details the steps needed to drop a universal root shell on nearly all affected Linux kernels using CVE-2024-1086. This includes a particularly interesting method that builds on an earlier Linux kernel universal exploit technique, dubbed Dirty Pagetable, that involves abusing heap-based bugs to manipulate page tables to gain unauthorized control over a system’s memory and thus operation.

The latest method has been called Dirty Pagedirectory, and Notselwyn says it allows unlimited, stable read/write access to all memory pages in a Linux system, which would give an attacker full control over the box: 

Notselwyn has also shared the source code to an exploit PoC, which is “trivial” to run.

Exploiting the bug requires that the unprivileged-user namespaces option be set to access nf_tables, which is enabled by default on Debian, Ubuntu, and other major distributions. An attacker would then need to trigger a double-free, scan the physical memory for the kernel base address, bypassing KASLR, and then access the modprobe_path kernel variable with read/write privileges.

After overwriting the modprobe_path, the exploit starts a root shell, and then it’s game over. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2024/03/29/linux_kernel_flaw/

Tags: Easy-to-usemake-me-roottechnology
Previous Post

IPL 2024: Why Nicholas Pooran Replaced KL Rahul At Toss For LSG vs PBKS Clash?

Next Post

Malicious SSH backdoor sneaks into xz, Linux world’s data compression library

Beavers Flourish as Key Ecosystem Engineers in Pacific Northwest Tidal Wetlands

July 9, 2026

WHRO Writers Contest Winner Goes on to Win at National Science Competition – WHRO

July 9, 2026

Scientists Build Near-Living Cell from Scratch, Unlocking Secrets of Life’s Origins

July 9, 2026

UHC Unveils Exciting New Lifestyle Spending Accounts for Employer Plans

July 9, 2026

What to know about the World Cup quarterfinals: Remaining teams, schedules and past finishes – ABC News – Breaking News, Latest News and Videos

July 9, 2026

Why Are Half a Million Russians on the Brink of Bankruptcy Amid the Ukraine War?

July 9, 2026

Annex Theatre Collective: Unearthing Onstage Treasures for Over 40 Years

July 9, 2026

SensorFM: Revolutionizing General Intelligence with Seamless Wearable Health Interfaces

July 9, 2026

Indiana Takes a Stand: Putting Kids’ Nutrition Above Politics

July 9, 2026

QuantumDiamonds Raises €91 Million to Transform Quantum Chip Inspection Technology

July 9, 2026

Categories

Archives

July 2026
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (1,306)
  • Economy (1,326)
  • Entertainment (22,203)
  • General (22,542)
  • Health (10,361)
  • Lifestyle (1,340)
  • News (22,149)
  • People (1,331)
  • Politics (1,348)
  • Science (16,541)
  • Sports (21,826)
  • Technology (16,312)
  • World (1,320)

Recent News

Beavers Flourish as Key Ecosystem Engineers in Pacific Northwest Tidal Wetlands

July 9, 2026

WHRO Writers Contest Winner Goes on to Win at National Science Competition – WHRO

July 9, 2026
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version