You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)
Summary
A local privilege escalation exploit in the Linux kernel's io_uring subsystem via a zero-copy receive freelist bug.
Similar Articles
Dirtyfrag: Universal Linux LPE
A report titled 'Dirty Frag' details a universal Linux Local Privilege Escalation (LPE) vulnerability that allows root access on major distributions by chaining two kernel bugs. The disclosure notes that due to a broken embargo, no patches currently exist for this critical security issue.
CVE-2026-31431: Copy Fail
CVE-2026-31431 (Copy Fail) is a local privilege escalation vulnerability in the Linux kernel affecting all major distributions since 2017, allowing unprivileged users to gain root shell access through a deterministic 4-byte write to any readable file's page cache via the AF_ALG crypto subsystem.
Copy Fail 2: Electric Boogaloo
Copy Fail 2 is a proof-of-concept exploit for an unprivileged Linux Local Privilege Escalation (LPE) vulnerability in the kernel's xfrm subsystem, allowing attackers to gain root access on modern distributions.
Hunting a 34 year old pointer bug in EtherSlip (DOS Networking)
A developer recounts tracking down a 34-year-old NULL-pointer bug in the EtherSlip DOS packet driver using Open Watcom’s heap-corruption sentinel.
Podman rootless containers and the Copy Fail exploit
The article discusses the Copy Fail exploit, a security vulnerability that affects Podman rootless containers.