Tag
Proof of concept for a Linux local privilege escalation and container/jail escape via an IPv6 fragmentation bug in the kernel, targeting CentOS/RHEL 10.
A single faulty character in the Linux kernel introduced a use-after-free vulnerability (CVE-2026-53111) allowing unprivileged users to escalate privileges to root on Debian and Ubuntu systems; the bug has been fixed and backported.
Hanno Böck discusses recent kernel exploits affecting the ESP (IPSEC) module and suggests disabling IPSEC-related kernel config options to reduce attack surface, highlighting how many unused kernel modules are loaded by default.
YellowKey is a proof-of-concept exploit that bypasses BitLocker encryption on Windows 11 by leveraging a vulnerability in the Windows Recovery Environment, allowing unrestricted access to protected volumes.
CVE-2026-31431 (Copy Fail) is a local privilege escalation vulnerability in the Linux kernel affecting all major distributions since 2017, allowing unprivileged users to gain root shell access through a deterministic 4-byte write to any readable file's page cache via the AF_ALG crypto subsystem.