[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-why-linux-kernel-security-still-fails-default-installs-en":3,"article-related-why-linux-kernel-security-still-fails-default-installs-en":31,"series-research-7c749fe2-7383-4170-8ca9-15778970037a":84},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"7c749fe2-7383-4170-8ca9-15778970037a","why-linux-kernel-security-still-fails-default-installs-en","Why Linux Kernel Security Still Fails on Default Installs","\u003Cp data-speakable=\"summary\">Default Linux installs still turn local bugs into root on major distros.\u003C\u002Fp>\u003Cp>The Linux kernel security model is failing at the exact point users trust it most: default installs on major distributions still let a local flaw become root command execution.\u003C\u002Fp>\u003Cp>Qualys says CVE-2026-46333 sat undetected for nine years, was introduced in 2016, and can let an unprivileged local user read sensitive files and run commands as root on Debian, Fedora, and Ubuntu. That is not a narrow edge case. It is a reminder that the kernel’s attack surface is not theoretical, and that “local only” still means “full compromise” when the flaw lands in the wrong privilege path.\u003C\u002Fp>\u003Ch2>First argument: kernel privilege bugs are system-wide failures, not isolated defects\u003C\u002Fh2>\u003Cp>When a kernel bug reaches the boundary between user space and root, the blast radius is the whole host. Qualys ties CVE-2026-46333 to improper privilege management in __ptrace_may_access(), a function that decides who can inspect whom. Once that logic breaks, the attacker is not poking a single app. They are stepping into the trust machinery that protects every process on the machine.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818752218-03j9.png\" alt=\"Why Linux Kernel Security Still Fails on Default Installs\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The concrete impact matters more than the CVSS score. A local attacker can expose \u002Fetc\u002Fshadow, steal SSH host private keys, and then execute arbitrary commands as root through multiple paths including chage, ssh-keysign, pkexec, and accounts-daemon. That is the kind of chain that turns one overlooked kernel mistake into credential theft, persistence, and lateral movement across an entire fleet.\u003C\u002Fp>\u003Ch2>Second argument: long-lived bugs prove patch cadence is not enough\u003C\u002Fh2>\u003Cp>This flaw lived for nine years before disclosure. That timeline is the real indictment. If a privilege-management bug can survive from 2016 to 2026 inside a kernel shipped by major distros, then the industry cannot keep pretending that routine patching alone is a security strategy. It is necessary, but it is not sufficient.\u003C\u002Fp>\u003Cp>The same week, researchers also released a PoC for PinTheft, a local privilege escalation issue on Arch Linux that depends on RDS, io_uring, a readable SUID-root binary, and x86_64 payload support. Different bug, same lesson: modern Linux security failures are piling up in subsystems that defenders rarely audit directly. The problem is not one bad commit. It is the accumulation of deep, hard-to-test privilege paths that keep yielding root.\u003C\u002Fp>\u003Ch2>The counter-argument\u003C\u002Fh2>\u003Cp>Kernel bugs are unavoidable in a codebase this large, and the Linux ecosystem does respond. Distros ship updates quickly, researchers publish details, and temporary mitigations exist. In this case, Qualys recommends raising kernel.yama.ptrace_scope to 2, rotating host keys, and reviewing administrative material that may have lived in memory during the exposure window. That is a real, responsible response to a real vulnerability.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818767013-baqs.png\" alt=\"Why Linux Kernel Security Still Fails on Default Installs\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>But that defense only goes so far because it assumes organizations can patch fast enough and can trust every local user until they do. They cannot. The exposure window is the vulnerability. Once untrusted local users have access, the host is already at risk, and the right response is not optimism about patch velocity but disciplined reduction of local privilege paths, module exposure, and credential residency.\u003C\u002Fp>\u003Ch2>What to do with this\u003C\u002Fh2>\u003Cp>Engineers and operators should treat local Linux privilege escalation as a primary threat, not a niche post-exploitation step: patch kernels immediately, disable or limit unnecessary modules and services, raise ptrace_scope where compatible, rotate SSH host keys after exposure, and audit any SUID-root or credential-handling paths that could turn a local shell into root. If your environment allows untrusted local users, assume that one kernel bug is enough to expose the host.\u003C\u002Fp>","Default Linux installs are still too easy to turn into root through kernel bugs.","thehackernews.com","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002F9-year-old-linux-kernel-flaw-enables.html",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818752218-03j9.png","research","en","d580b00b-e2e7-4222-add6-4a37e5095d1c",[17,18,19,20,21,22],"Linux kernel","CVE-2026-46333","Qualys","privilege escalation","Debian","Ubuntu",[24,25,26],"Default Linux installs still let kernel privilege bugs become root compromises.","A nine-year undetected flaw shows patching alone is not a security strategy.","Treat local users, SUID paths, and kernel exposure as high-risk attack surfaces.",5,"2026-05-26T18:05:27.092113+00:00","2026-05-26T18:05:27.084+00:00","d42ba6b9-8f5a-41b9-a385-4fd71d294ef3",{"tags":32,"relatedLang":43,"relatedPosts":47},[33,35,37,39,41],{"name":17,"slug":34},"linux-kernel",{"name":21,"slug":36},"debian",{"name":20,"slug":38},"privilege-escalation",{"name":18,"slug":40},"cve-2026-46333",{"name":19,"slug":42},"qualys",{"id":15,"slug":44,"title":45,"language":46},"why-linux-kernel-security-still-fails-default-installs-zh","為什麼 Linux Kernel 預設安裝的安全性仍然失敗","zh",[48,54,60,66,72,78],{"id":49,"slug":50,"title":51,"cover_image":52,"image_url":52,"created_at":53,"category":13},"850449f2-e75b-4dbf-97c0-3590c6cbf097","crdts-keep-replicas-in-sync-without-locks-en","CRDTs keep replicas in sync without locks","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781011086602-cokl.png","2026-06-09T13:17:35.890527+00:00",{"id":55,"slug":56,"title":57,"cover_image":58,"image_url":58,"created_at":59,"category":13},"7c6b6428-ba8d-4c59-840b-cf96a95139e5","post-deterministic-systems-autonomous-infra-en","Post-Deterministic Systems for Autonomous Infra","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781010190497-1grq.png","2026-06-09T13:02:33.235795+00:00",{"id":61,"slug":62,"title":63,"cover_image":64,"image_url":64,"created_at":65,"category":13},"53ec2203-e127-4bf8-8b3d-2dce8d156a54","causal-learnability-formal-language-tasks-en","Causal methods for measuring task learnability","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780987698514-ky8m.png","2026-06-09T06:47:35.103221+00:00",{"id":67,"slug":68,"title":69,"cover_image":70,"image_url":70,"created_at":71,"category":13},"55e7197e-f114-4b6c-b3e2-af1a3cd9dfa4","rl-training-hands-off-control-gradually-en","RL Training That Hands Off Control Gradually","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780986801034-gf8m.png","2026-06-09T06:32:33.516452+00:00",{"id":73,"slug":74,"title":75,"cover_image":76,"image_url":76,"created_at":77,"category":13},"93fc6735-b524-4baf-989f-645c4c47d593","omnigamearena-vlm-game-agent-benchmark-en","OmniGameArena benchmarks VLM game agents better","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780985895695-ugcj.png","2026-06-09T06:17:32.668876+00:00",{"id":79,"slug":80,"title":81,"cover_image":82,"image_url":82,"created_at":83,"category":13},"9f0c9505-6d75-411c-ba46-2382e8f295a5","turboquant-cuts-kv-cache-memory-6x-google-tests-en","TurboQuant cuts KV cache memory 6x in Google tests","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780906679116-fqdo.png","2026-06-08T08:17:22.276769+00:00",[85,90,95,100,105,110,115,120,125,130],{"id":86,"slug":87,"title":88,"created_at":89},"a2715e72-1fe8-41b3-abb1-d0cf1f710189","ai-predictions-2026-big-changes-en","AI Predictions for 2026: Brace for Big Changes","2026-03-26T01:25:07.788356+00:00",{"id":91,"slug":92,"title":93,"created_at":94},"8404bd7b-4c2f-4109-9ec4-baf29d88af2b","ml-papers-of-the-week-github-research-desk-en","ML Papers of the Week Turns GitHub Into a Research Desk","2026-03-27T01:11:39.480259+00:00",{"id":96,"slug":97,"title":98,"created_at":99},"87897a94-8065-4464-a016-1f23e89e17cc","ai-ml-conferences-to-watch-in-2026-en","AI\u002FML Conferences to Watch in 2026","2026-03-27T01:51:54.184108+00:00",{"id":101,"slug":102,"title":103,"created_at":104},"6f1987cf-25f3-47a4-b3e6-db0997695be8","openclaw-agents-manipulated-self-sabotage-en","OpenClaw Agents Can Be Manipulated Into Failure","2026-03-28T03:03:18.899465+00:00",{"id":106,"slug":107,"title":108,"created_at":109},"a53571ad-735a-4178-9f93-cb09b699d99c","vega-driving-language-instructions-en","Vega: Driving with Natural Language Instructions","2026-03-28T14:54:04.698882+00:00",{"id":111,"slug":112,"title":113,"created_at":114},"a34581d6-f36e-46da-88bb-582fb3e7425c","personalizing-autonomous-driving-styles-en","Drive My Way: Personalizing Autonomous Driving Styles","2026-03-28T14:54:26.148181+00:00",{"id":116,"slug":117,"title":118,"created_at":119},"2bc1ad7f-26ce-4f02-9885-803b35fd229d","training-knowledge-bases-writeback-rag-en","Training Knowledge Bases with WriteBack-RAG","2026-03-28T14:54:45.643433+00:00",{"id":121,"slug":122,"title":123,"created_at":124},"71adc507-3c54-4605-bbe2-c966acd6187e","packforcing-long-video-generation-en","PackForcing: Efficient Long-Video Generation Method","2026-03-28T14:55:02.646943+00:00",{"id":126,"slug":127,"title":128,"created_at":129},"675942ef-b9ec-4c5f-a997-381250b6eacb","pixelsmile-facial-expression-editing-en","PixelSmile Framework Enhances Facial Expression Editing","2026-03-28T14:55:20.633463+00:00",{"id":131,"slug":132,"title":133,"created_at":134},"6954fa2b-8b66-4839-884b-e46f89fa1bc3","adaptive-block-scaled-data-types-en","IF4: Smarter 4-Bit Quantization That Adapts to Your Data","2026-03-31T06:00:36.65963+00:00"]