One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
A critical vulnerability in the Linux kernel, identified as CVE-2026-23111, allows unprivileged local users to gain root access and escape containerized environments. This use-after-free flaw resides within the kernel's nf_tables packet-filtering subsystem. The vulnerability was officially patched by the Linux kernel development team on February 5, 2026. Security firm Exodus Intelligence subsequently published a comprehensive technical explanation and a working exploit for the flaw on June 8, 2026. The exploit's public release means that systems not yet updated with the patch are immediately susceptible to compromise. This type of vulnerability is particularly concerning as it can be leveraged by attackers already present on a system with limited privileges to achieve complete control.
Original source: The Hacker News