LINUX Archives - Security Affairs

Pierluigi Paganini July 04, 2025

Critical Sudo bugs expose major Linux distros to local Root exploits

Critical Sudo flaws let local users gain root access on Linux systems, the vulnerabilities affect major Linux distributions. Cybersecurity researchers disclosed two vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit the vulnerabilities to escalate privileges to root on affected systems. Sudo (short for “superuser do”) is a […]

Pierluigi Paganini June 20, 2025

Linux flaws chain allows Root access across major distributions

Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions. Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities, an attacker can exploit them to gain root privileges on machines running major Linux distributions. The two vulnerabilities are: The first flaw (CVE-2025-6018) allows an unprivileged […]

Pierluigi Paganini June 18, 2025

U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2023-0386, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership vulnerability in the Linux kernel that […]

Pierluigi Paganini May 31, 2025

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros. Researchers discovered a vulnerability in Apport (Ubuntu’s core dump handler) and another bug in systemd-coredump, which is used in the default configuration of Red Hat Enterprise Linux 9 and the Fedora distribution. systemd-coredump automatically captures “core […]

Pierluigi Paganini April 28, 2025

PoC rootkit Curing evades traditional Linux detection systems

Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]

Pierluigi Paganini April 10, 2025

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides in the Linux kernel’s ALSA USB-audio driver affecting Extigy […]

Pierluigi Paganini March 17, 2025

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]

Pierluigi Paganini February 05, 2025

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) catalog. The February 2025 Android security updates addressed 48 vulnerabilities, the zero-day flaw CVE-2024-53104 which is actively exploited in attacks […]

Pierluigi Paganini December 03, 2024

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]

Pierluigi Paganini November 27, 2024

Bootkitty is the first UEFI Bootkit designed for Linux systems

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]

LINUX

Critical Sudo bugs expose major Linux distros to local Root exploits

Linux flaws chain allows Root access across major distributions

U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog

Two Linux flaws can lead to the disclosure of sensitive data

PoC rootkit Curing evades traditional Linux detection systems

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Bootkitty is the first UEFI Bootkit designed for Linux systems

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

Sophos fixed two critical Sophos Firewall vulnerabilities

French Authorities confirm XSS.is admin arrested in Ukraine

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Cisco confirms active exploitation of ISE and ISE-PIC flaws

QUICK LINKS

LINUX

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!