Another major Linux security flaw revealed - nine-year-old issue could spell disaster for users
Date:
Sat, 23 May 2026 01:20:00 +0000
Description:
There was a way to elevate normal Linux users' privileges to root, granting threat actors admin access.
FULL STORY ======================================================================
Qualys discloses CVE-2026-46333, a Linux flaw present since 2016 which lets unprivileged users briefly hijack privileged processes to gain admin access.
Exploits were confirmed on default installs of Debian, Ubuntu, and Fedora.
Admins should apply updates immediately.

Security researchers at Qualys discovered a major flaw in the Linux operating system (OS) that could let any ordinary user, or malicious actor, gain full admin access on vulnerable endpoints.
This bug has lingered in Linux systems since 2016 and affects the default installations of several major distributions, including Red Hat, SUSE,
Debian, Fedora, AlmaLinux, CloudLinux, and others. Qualys says attackers
could use it to view sensitive files or run commands with the highest level
of system control.

Working exploits

The vulnerability is now tracked as CVE-2026-46333 and has a severity score of 5.5/10 (medium). It works by exploiting a narrow window in which a privileged process dropping its credentials remains reachable.
When a program with admin-level privileges is in the process of shutting
down, Linux is supposed to immediately cut off other programs from peeking into it. CVE-2026-46333 means that cut-off happens a fraction of a second too late, allowing normal, unprivileged users to exploit that tiny gap.
During that window, the attacker can use a feature to grab a copy of the
dying privileged program's open connections and files before they disappear.
Qualys built four working exploits demonstrating the practical danger, confirming they work on default installs of Debian 13, Ubuntu 24.04/26.04, Fedora 43, and Fedora 44.
The researchers reported the flaw privately to the Linux kernel security team on May 11, 2026, and the team came back with a patch three days later, on May 14. Shortly after, an independent exploit derived from the public commit appeared, effectively breaking the embargo and prompting the full advisory release.
Administrators are advised to apply the kernel update from their distribution immediately. Those that cannot patch immediately should raise kernel.yama.ptrace_scope to 2 to block public exploits.
Hosts that had untrusted local users during the exposure windows are advised to treat SSH host keys and locally cached credentials as compromised and should rotate them as soon as possible.
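An added example (not from the article or from Qualys) of auditing the ptrace_scope stopgap mentioned above: it checks that the running value is at least 2 and that a sysctl.d drop-in will keep it there after a reboot. The function names are hypothetical, and only one drop-in directory is examined, which simplifies the full sysctl.d search order.

```shell
#!/bin/sh
# Added example: audit the kernel.yama.ptrace_scope stopgap (runtime + persisted).
# File and directory paths are parameters so the checks can be run on test data.

REQUIRED=2   # value the article recommends when patching must wait

# Print the running value, or "absent" when the Yama sysctl is not exposed.
runtime_scope() {
    f=${1:-/proc/sys/kernel/yama/ptrace_scope}
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# Print the last value assigned across *.conf files in one sysctl.d-style
# directory (lexical order, later file wins), or "unset" if none assigns it.
persisted_scope() {
    d=${1:-/etc/sysctl.d}
    val=unset
    for conf in "$d"/*.conf; do
        [ -r "$conf" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# Classify the host: ok | runtime-only | persisted-only | weak | no-yama
#   runtime-only   = protected now, lost at next reboot
#   persisted-only = configured on disk, but not applied to the running kernel
audit_scope() {
    rt=$(runtime_scope "$1"); ps=$(persisted_scope "$2")
    [ "$rt" = absent ] && { echo no-yama; return; }
    rt_ok=0; ps_ok=0
    [ "$rt" -ge "$REQUIRED" ] && rt_ok=1
    [ "$ps" != unset ] && [ "$ps" -ge "$REQUIRED" ] && ps_ok=1
    case "$rt_ok$ps_ok" in
        11) echo ok ;;
        10) echo runtime-only ;;
        01) echo persisted-only ;;
        *)  echo weak ;;
    esac
}
```

Calling `audit_scope` with no arguments checks the live host; a `no-yama` result means this sysctl is not available and the kernel update is the only fix.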
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/another-major-linux-security-flaw-revealed-nine-year-old-issue-could-spell-disaster-for-users
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)