TECH NEWS

High-severity vulnerability in Linux caused by a single errant character

When a verdict map is deleted from memory, catchall elements are deactivated and a chain’s reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it.

“In this blog post, we have seen how one incorrect exclamation mark introduced a use-after-free vulnerability which can be exploited by an unprivileged user on Debian and Ubuntu to escalate privileges to root,” researchers from security firm Exodus Intelligence wrote Monday. “Although the exploit triggers the use-after-free vulnerability multiple times to leak the kernel base address, leak heap addresses, and hijack the control flow, the stability tests resulted in a stability of >99% on an idle system.”

The vulnerability was fixedin...

Copyright of this story solely belongs to arstechnica.com. To see the full text click HERE

High-severity vulnerability in Linux caused by a single errant character

Read more

Scale Robot Reinforcement Learning with NVIDIA Isaac Lab on Amazon SageMaker AI | Amazon Web Services

Two Russian APT groups are exploiting a WinRAR flaw patched nearly a year ago to hit Ukraine

Rem3dy Health raises £14M at £84M valuation to take 3D-printed personalised vitamins global

Apple says 79% of all iPhones and 86% of iPhones released in the last four years were running iOS 26 as of June 7, vs. 82% and 88% for iOS 18 before WWDC 2025