Red Hat News Articles

Recent news articles referencing the vendor's vulnerabilities.

Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China

Infosec in brief: A former US Army sergeant has admitted he attempted to sell classified data to China. Joseph Daniel Schmidt last Friday pled guilty after the Feds charged him with using his top secret...

1 week ago

Former US Army Sergeant admits he sold secrets to China

Infosec in brief: A former US Army sergeant has admitted he attempted to sell classified data to China. Joseph Daniel Schmidt last Friday pled guilty after the Feds charged him with using his top secret...

1 week ago

CVE-2025-6019: time to upgrade Linux

Vulnerability CVE-2025-6019 allows an attacker to gain root privileges in most Linux distributions.

2 weeks ago

New Linux bug CVE-2025-6019 a “critical and universal” risk

Newly found Linux vulnerability CVE-2025-6019 is a “critical and universal” risk in Ubuntu, Fedora, Debian, and openSUSE, says Qualys.

2 weeks ago

New Linux udisks flaw lets attackers get root on major Linux distros

Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.

2 weeks ago

Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulnerabilities that could enable denial-of-service attacks and...

2 weeks ago

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps.

WARNING: HIGH VULNERABILITY IN KEYCLOAK COULD LEAD TO PRIVILEGE ESCALATION AND IMPERSONATION. PATCH IMMEDIATELY!

CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil

The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News

Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems.

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw

A critical vulnerability has been discovered in the netfilter subsystem of the Linux kernel.

CVE-2023-6246 Archives

All posts tagged "CVE-2023-6246". Security Architecture: GNU C Library Vulnerability Leads to Full Root Access. Researchers at Qualys call attention to a vulnerability in Linux’s GNU C Library...

glibc - CVE CyberSecurity Database News

CVE CyberSecurity Database News - Latest cybersecurity news and CVE details

Tag: CVE-2023-6246 | Qualys Security Blog

Debian: DSA-5611-1: glibc security update | LinuxSecurity.com

Debian Security Advisory DSA-5611-1 https://www.debian.org/security/ Salvatore Bonaccorso January 30,

Glibc library vulnerability published

CVE-2023-6246 found in glibc (GNU C Library) affects Debian, Ubuntu and Fedora, and likely other Linux distributions.

New Glibc Library Flaw Grants Root Access to Major Linux Distros - Cyber Kendra

CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah

Critical Shim Vulnerability Affecting Linux Secure Boot: An In-depth Look

A serious vulnerability, CVE-2023-40547, discovered in Shim could lead to remote code execution. The bug affects Linux distributions supporting secure boot.

The Real Shim Shady - How CVE-2023-40547 Impacts Most Linux Systems - Eclypsium | Supply Chain Security for the Modern Enterprise

Six new vulnerabilities have been identified in the shim bootloader used to support Secure Boot in most Linux distributions. One vulnerability in particular, CVE-2023-40547, can be exploited to control the boot sequence and circumvent operating system controls.

Linux Systems Exposed: Critical RCE Vulnerability in Shim Bootloader Demands Urgent Patching

A severe RCE vulnerability in the shim bootloader threatens Linux systems using Secure Boot. Update to shim 15.8 and follow these steps to mitigate the risk.

EP1652: Chill Chill Security - CVE-2023-40547 by Chill Chill Security

Sponsored by SEC Playground

Linux Devs Rush to Patch Critical Vulnerability in Shim

The flaw allows the installation of malware that operates at the firmware level

RedHat patches critical flaw in Linux shim bootloader

Security pros say teams need to patch right away because attackers can leverage the bug to gain control of the entire boot process.

How to fix CVE-2023-40547 in Linux

CVE-2023-40547 is a critical vulnerability allowing bootkit installations on Linux systems. Here's everything you need to know.

Critical Shim Boot Loader Vulnerability Affects Linux Distributions (CVE-2023-40547) - OP INNOVATE

CVE-2023-40547 poses a critical threat to Linux distributions with a CVSS score of 9.8, enabling Secure Boot bypass and potential remote code execution. Discovered by Bill Demirkapi, this vulnerability is critical in the shim boot loader's HTTP response handling and could lead to system compromise t...

Linux Distros Hit By RCE Vulnerability in Shim Bootloader

However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug.

Major Linux Flaw Opens Door to Undetectable Bootkit Infections

A critical vulnerability (CVE-2023-40547) in the Linux bootloader shim exposes millions of systems to persistent, stealthy bootkits. Learn how to protect yourself and stay updated on patches.

Critical flaw in Shim bootloader impacts major Linux distros

A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.

Linux Shim Bootloader Flaw Expose Most Linux Distros to Code Execution Attacks

Shim is maintained by Red Hat and used in almost all Linux distributions that support secure boot including Debian, Ubuntu, SUSE, and many others.

Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros

A critical vulnerability (CVE-2023-40547) has been found in the shim bootloader, leaving millions of Linux systems vulnerable to attack.

Critical vulnerability in shim puts Linux systems in jeopardy | Candid.Technology

A vulnerability tracked as CVE-2023-40547 has been discovered in the Secure Boot process that is widely used by Linux distributions.

Shim15.8 RPM availability for Rocky Linux 8 to fix CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 - Rocky Linux General - Rocky Linux Forum

Hi Team, SHIM released 15.8 addressing 7 CVEs (1 with critical score of 9.8, CVE-2023-40547). When can we expect x86_64 RPM?

CVE-2023-6246 Root Access Vulnerability in glibc - Open Source Security Foundation

The CVE-2023-6246 vulnerability in glibc can allow an attacker to escalate their local unprivileged access to the full root privilege level. CVEs like this highlight the significance of the initiatives that OpenSSF has been championing like Memory Safe Languages, Tools, and Coordinated Vulnerability...

Qualys discovers glibc flaw that could enable attackers to gain full root access

Well, here's another reminder to keep your PC up to date. Despite Linux being known for security, it's not perfect (no software is) and researchers at Qualys have discovered multiple vulnerabilities in the GNU C Library.

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog() | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in…

New Linux glibc flaw lets attackers get root on major distros

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

Root access vulnerability in glibc library impacts many Linux distros

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in the GNU C Library (glibc) affecting multiple Linux distributions.

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

CVE-2023-40547 Archives

Vulnerability, January 25, 2024. CVE-2023-40547: The Critical Shim Flaw Compromising Linux Bootloaders. Recently, a new vulnerability has been unearthed that strikes at the very core of system boot processes,...

CVE-2023-40547: The Critical Shim Flaw Compromising Linux Bootloaders

Identified with a CVSS score of 8.3, CVE-2023-40547 exposes a remote code execution vulnerability within Shim.

Linux Kernel CVE-2023-6546 - Unveiling A Critical Vulnerability

This is a custom exploit which targets Ubuntu 18.04+20.04 LTS/Centos 8/RHEL 8 to attain root privileges via arbitrary kernel code

CVE-2023-6546 Archives

Vulnerability, January 16, 2024. CVE-2023-6546 PoC Exploit: A Gateway to Linux System Takeover. A cybersecurity researcher, Nassim Asrir, has released the details and a proof-of-concept (PoC) exploit for a...

CVE-2023-6546/ZDI-24-020 — Linux LPE · Issue #18719 · rapid7/metasploit-framework

Summary: Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546), by @Nassim-Asrir. Basic example: https://github.com/Nassim-Asrir/ZDI-24-020 $ gcc exploit.c -o exploit -lpthread $ ./exploit [+]...

CVE-2023-6546 PoC Exploit: A Gateway to Linux System Takeover

Nassim Asrir has released the details and a proof-of-concept (PoC) exploit for a high-severity vulnerability, CVE-2023-6546.
