Agents are capable of finding this kind of stuff now and people are having a field day using them to find high-profile CVEs for fun or profit.
Slowly at first, and then suddenly. AI assisted anything follows this trend. As capabilities improve, new avenues become "good enough" to automate. Today is security.
But still might be an open threat. On the email thread Jens seems to think that this is already patched and in stable, he also points out that for this exploit to work (as written in the article) you already need escalated privileges [2] Catchy title though.
[1] https://snailsploit.com/security-research/general/io-uring-z... [2] https://seclists.org/oss-sec/2026/q2/448
Am I reading this wrong or is this just a way of executing an arbitrary binary with uid=0 if you have both CAP_NET_ADMIN and CAP_SYS_ADMIN?
If you can write modprobe_path, is it really news that you can find a way to execute code?
rvz•1h ago
Linux is falling apart faster than it can assign these CVEs.
EGreg•53m ago
cachius•48m ago
mschuster91•16m ago
Given Windows' absurd amount of backwards compatibility, chances are pretty high that there are a lot of sleeping dragons buried inside even modern Windows 10/11 kernel and userland that date back to code and issues from the 90s - code where half the people who have worked on it probably not just have departed Microsoft but departed living in the meantime.
yjftsjthsd-h•11m ago
otterley•8m ago
toast0•11m ago
maven29•47m ago
ChocolateGod•45m ago
yjftsjthsd-h•9m ago
hn92726819•38m ago
gordonhart•38m ago