Kernel News and Security Lapses, Patches
-
University of Toronto ☛ A performance mystery with Linux WireGuard on 10G Ethernet
As a followup on discovering that WireGuard can saturate a 1G Ethernet (on Linux), I set up WireGuard on some slower servers here that have 10G networking. This isn't an ideal test but it's more representative of what we would see with our actual fileservers, since I used spare fileserver hardware. What I got out of it was a performance and CPU usage mystery.
-
Bleeping Computer ☛ New Linux udisks flaw lets attackers get root on major Linux distros
The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the "allow_active" user.
-
Hacker News ☛ CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible systems. It was patched in early 2023.
-
Hot Hardware ☛ Major Linux Distros Are Exposed To A Root-Level Security Threat, Update ASAP
Linux server administrators, it's time to get your patch on. The boffins at Qualys, a security firm well known for its excellent SSL configuration tester, found a pair of security vulnerabilities that combined can grant any unprivileged user instant root (administrator) access.
The first vulnerability in this situation is the least impactful, but is key to the root-access combo. Security bulletin CVE-2025-6018 describes a misconfiguration in the default settings for the PAM (Pluggable Authentication Module) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15. The issue revolves around the "allow_active" flag being erroneously set and allowing non-local unprivileged users to perform some elevated-privilege actions. In other words, just SSH into the machine, and you'll likely be able to mount/unmount volumes, shut down and reboot the machine, etc.
-
Help Net Security ☛ Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)
Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.”
-
Bleeping Computer ☛ CISA warns of attackers exploiting Linux flaw with PoC exploit
CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges.
This local privilege escalation security flaw (CVE-2023-0386) is caused by a Linux kernel improper ownership management weakness and was patched in January 2023 and publicly disclosed two months later.
Multiple proof-of-concept (PoC) exploits were also shared on GitHub starting in May 2023, making exploitation attempts easier to pull off and pushing the vulnerability to the top of Linux admins' patching priority lists.
-
Security Affairs ☛ U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog.