Linux-Kernel
Bad Epoll (CVE-2026-46242): A Six-Instruction Race in epoll() Roots Linux 6.4+ and Android
A use-after-free race in the Linux epoll subsystem, introduced by a 2023 commit, lets an unprivileged local user gain root with a 99%-reliable exploit — and the same code path may be reachable from Chrome's renderer sandbox on Android.
DirtyClone: Linux Kernel LPE via Cloned sk_buff Gives Any Local User Root (CVE-2026-43503)
JFrog releases a working exploit for DirtyClone, a Linux kernel socket-buffer cloning flaw that silently rewrites in-memory setuid binaries and grants root—with container escape potential on cloud and Kubernetes hosts.
Linux Kernel CVE-2026-46331: Pedit COW Traffic-Control Bug Delivers Root Shell, Ubuntu Still Unpatched
A weaponized PoC for CVE-2026-46331 (Pedit COW) corrupts the kernel page cache via act_pedit to drop a root shell; Ubuntu 18.04–26.04 remain unpatched.
DirtyDecrypt (CVE-2026-31635): Public PoC Roots Fedora, Arch, and openSUSE via the Kernel's RxGK Path
A released proof-of-concept weaponizes CVE-2026-31635, a missing copy-on-write guard in the Linux kernel's RxGK receive path, for local root on Fedora, Arch, and openSUSE Tumbleweed — and pod escape on affected worker nodes.
ssh-keysign-pwn (CVE-2026-46333): Six-Year-Old Linux Kernel Race Hands Unprivileged Users SSH Host Keys and /etc/shadow
Qualys disclosed a six-year-old logic flaw in __ptrace_may_access that lets any local user race ssh-keysign and chage out of their host keys and shadow file. Public PoC works out of the box on Debian, Ubuntu, Arch, and the EL9/EL10 families. Patch or set kernel.yama.ptrace_scope=2 now.
Dirty Frag: Chained Linux Kernel Bugs Hand Out Root, One Half Still Unpatched
Dirty Frag chains an xfrm-ESP page-cache write (CVE-2026-43284) with an unpatched RxRPC page-cache write (CVE-2026-43500) for reliable root on most Linux distros. Embargo blew up early — public PoC is out, RxRPC fix is not.
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017
A nine-year-old logic bug in the kernel's algif_aead crypto interface lets an unprivileged user plant four bytes anywhere in the page cache — including inside a setuid binary's cached pages. Root in seconds, no on-disk artifacts, breaks containers.
CVE-2026-31414: Linux Kernel Netfilter Conntrack Flaw Enables Container Escape Privilege Escalation
A use-after-free in Linux kernel netfilter connection tracking allows local privilege escalation from container workloads — patch your nodes now.
CVE-2026-23442: Remote Kernel Panic via SRv6 NULL Pointer Dereference Threatens IPv6 Infrastructure
A CVSS 8.2 flaw in the Linux kernel's SRv6 implementation lets remote attackers crash systems with crafted IPv6 packets. Patches are out—update now.