High-severity vulnerability in Linux caused by a single errant character

<p>Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel.</p> <p>The vulnerability, tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-23111">CVE-2026-23111</a>, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It’s used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.</p> <h2>!!!WTF!!!</h2> <p>The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root.</p><p><a href="https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/#comments">Comments</a></p> Reference : https://ift.tt/wmiASWa