SWAT3d ago

Friday afternoon, yet another exploit. #PinTheft

This one hits the 'rds' and 'rds_tcp' kernel modules: https://github.com/v12-security/pocs/

Mainly (by default) affecting #Arch

GitHub - v12-security/pocs: poc it like it's hot

poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.

GitHub
sandwurm4d ago

Yay, next Linux vulnerability: CVE-2026-43494
PinTheft.

The Linux kernel fails to reset the op_nents counter when a zerocopy page pinning operation fails. This oversight causes the subsequent cleanup routine to iterate over an incorrect non‑zero count, freeing memory pages that were already released. The resulting double free can lead to kernel memory corruption, which in a privileged environment can be leveraged to run arbitrary code with kernel privileges. The vulnerability is therefore a severe kernel-level bug that, if exploited, could allow an attacker to execute code with elevated privileges.

Without evidence of active exploitation, the likelihood remains uncertain, but the risk of a privileged escalation scenario warrants immediate attention.
https://app.opencve.io/cve/CVE-2026-43494
#linux #LPE #security #cve_2026_43494 #PinTheft

CVE-2026-43494 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

The New Oil5d ago

Exploit released for new #PinTheft #ArchLinux root escalation flaw

https://www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/

#cybersecurity #FOSS #Arch #Linux

Exploit released for new PinTheft Arch Linux root escalation flaw

PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems.

BleepingComputer
Show threadNOC Evolix / AS1976965d ago

Pour information, nous partageons les tasks Ansible que l'on a appliqué pour contourner #pintheft :

https://paste.evolix.org/?6a4ffffa7c5b4966#4bjrh2Hk4p9zuftnk9eRB85y8QGztx3WYdz6SQeZisdq

PrivateBin

Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.

PrivateBin
NOC Evolix / AS1976965d ago
Nous sommes en train d'investiguer sur la nouvelle faille sur le noyau Linux qui concerne des modules rds (permettant un protocole réseau complètement inutilisé chez nous) #pintheft
* les noyaux sous Debian ne sont pas affectés car un patch désactive l'autoloading de ces modules : https://sources.debian.org/patches/linux/5.10.46-4/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch/
* les noyaux sous Proxmox sont spécifiques et sont affectés : nous avons déployé un patch pour blacklister les modules rds
Package: linux | Debian Sources

Jérémy Lecour5d ago
Et alors quoi ? On ne peut plus passer une semaine sans faille majeure dans le noyau Linux ? #pintheft #linux #sysadmin
https://github.com/v12-security/pocs/tree/main/pintheft
pocs/pintheft at main · v12-security/pocs

poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.

GitHub
securityaffairs5d ago
#PinTheft: Another #Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
https://securityaffairs.com/192456/hacking/pintheft-another-linux-privilege-escalation-another-working-exploit-this-time-targeting-arch.html
#securityaffairs #hacking
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users should patch it immediately

Security Affairs
Analyst2076d ago

Exploit Released for PinTheft Linux Flaw

A critical Linux flaw, dubbed PinTheft, has been exploited, allowing local attackers to gain root privileges on affected systems through a complex vulnerability in the Reliable Datagram Sockets (RDS) code. This security gap can be triggered by a specific interaction between RDS zerocopy and io_uring fixed buffers.

https://osintsights.com/exploit-released-for-pintheft-linux-flaw?utm_source=mastodon&utm_medium=social

#LinuxPrivilegeEscalation #Pintheft #RdsZerocopy #Iouring #LocalPrivilegeEscalation

Exploit Released for PinTheft Linux Flaw

Learn how to protect your Linux system from the PinTheft exploit, a local privilege escalation vulnerability in RDS zerocopy, and take action to secure your system now.

OSINTSights
Show threadadlerweb // BitBastelei6d ago
…and again and again…
https://github.com/v12-security/pocs/tree/main/pintheft
#LPE #PinTheft
pocs/pintheft at main · v12-security/pocs

poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.

GitHub
histrio6d ago

A fresh one

https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft

No major distro is currently default-exposed to this PoC as written:
- anything on a kernel below 6.13 (Debian 13, Ubuntu LTS) lacks the required primitive
- enterprise distros (RHEL/Alma/Rocky) strip RDS entirely

#LPE #pintheft