Another Logic Bug Found in Linux Kernel

Jun 01, 2026

Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.

The kernel function __ptrace_may_access() has been found to contain a vulnerability that is exploitable via a race condition. The function determines if one process is permitted to inspect another process and uses credential verification, process ancestry, and the "dumpable" flag to make the determination.

Qualys released an advisory that includes four proofs-of-concept (PoCs) that include exploits against chage, ssh-keysign, pkexec, and accounts-daemon that illustrate how the PoCs can be used by unprivileged attackers to read password hashes, steal SSH keys, and run random commands with root privileges. Qualys has also confirmed these PoCs work on Debian 13, Fedora 43 and 44, and Ubuntu 24.04 and 26.04.

It is important to note that Qualys stated in the advisory, "Please note that we have not exhaustively searched for exploitable userland programs (set-uid, set-gid, set-capabilities binaries, and root daemons); we simply remembered the four that we found from past research projects, and other, possibly better, exploitable programs may exist."

The report also points out how even SELinux can be skirted: "On Fedora, SELinux prevents accounts-daemon from starting a transient systemd unit, but we can send a request to another dbus-daemon instead; for example, we can send a request to accounts-daemon itself, to set an administrator's password (SetPassword) of our choice, and then su to this administrator, and then sudo to root."

The good news is that a patch has been issued by the Linux kernel developer team.
 
 

 
 
 

Related content

  • Two Local Privilege Escalation Flaws Discovered in Linux

    Qualys researchers have discovered two local privilege escalation vulnerabilities that allow hackers to gain root privileges on major Linux distributions.

    more »
  • New Linux Vulnerability Enables a Privilege Escalation

    Looney Tunables is a new Linux vulnerability that has been discovered in the GNU C library that can lead to privilege escalation.

    more »
  • News

    In the news: Valve Updates Proton to Greatly Improve Windows Gaming on Linux; New Linux Vulnerability Enables Privilege Escalation; elementary OS 7.1 Available for Download; The GNU Project Celebrates Its 40th Birthday; Linux Kernel Reducing Long-Term Support; Fedora 39 Beta Available for Testing; Fedora Linux 40 to Drop X11 for KDE Plasma; and Real-Time Ubuntu Available in AWS Marketplace.

    more »
  • Decade-Old Sudo Flaw Discovered

    A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.

    more »
  • News

    In the news: Zorin OS 16 Educational Spin Now Available; System76 Releases AMD-Powered Kudu Laptop; Ubuntu Budgie Sets Its Sights on Gamers: Linux Mint Edge Is Ready for the Newest Hardware; Linux Kernel 5.17 Code Merge Window Is Closed; and Another Serious Flaw Found in All Major Linux Distributions.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source