惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
IT之家
IT之家
V
V2EX
Jina AI
Jina AI
V
Visual Studio Blog
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园 - 叶小钗
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 三生石上(FineUI控件)
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
腾讯CDC
Google Online Security Blog
Google Online Security Blog
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News and Events Feed by Topic
N
News and Events Feed by Topic
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
月光博客
月光博客
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
SecWiki News
SecWiki News
博客园_首页
罗磊的独立博客
量子位
Latest news
Latest news
I
Intezer
V
Vulnerabilities – Threatpost
A
Arctic Wolf
Last Week in AI
Last Week in AI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
S
Security Affairs
阮一峰的网络日志
阮一峰的网络日志
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
N
News | PayPal Newsroom

Ubuntu blog

Tracing a memory leak bug in PID 1 and contributing an upstream fix: a Linux support story | Ubuntu MAAS installation: bare metal provisioning is easier than ever | Ubuntu Januscape vulnerability CVE-2026-53359 mitigations available | Ubuntu Managing Ubuntu on bare metal at scale Ubuntu Server: a platform made for enterprise scale | Ubuntu Building an open source chain of trust: new research uncovers key blockers and ways forward | Ubuntu Beyond safety and security: Why automotive open source demands dependability  | Ubuntu DirtyClone Linux kernel local privilege escalation vulnerability fixes available | Ubuntu pedit COW kernel local privilege escalation vulnerability mitigations | Ubuntu Canonical becomes Gold Sponsor of Trifecta Tech Foundation | Ubuntu Challenges designers face in open source (and how to fix them) | Ubuntu Hunting a 16-year-old SQLite bug with TLA+: is dqlite affected? | Ubuntu Anbox Cloud on C4A metal: Android, at scale, without friction | Ubuntu Canonical announces live kernel patching for Arm64 | Ubuntu How to use RISC-V custom instructions with Ubuntu | Ubuntu Ubuntu Summit 26.04: connected by open source | Ubuntu So you need to add microcontrollers to your fleet: now what? | Ubuntu Validating real-world skills through Canonical Academy | Ubuntu Virtualized Android comes to Anbox Cloud | Ubuntu Template: Streamlining open source design contributions | Ubuntu Beyond Mythos: responding to a new threat landscape | Ubuntu A look into Ubuntu Core 26: Building a local AI inference appliance in a virtual machine | Ubuntu A decade of Ubuntu on IBM Z and IBM LinuxONE | Ubuntu AI at the edge: simplifying infrastructure with Cisco and Canonical | Ubuntu The next era of telco clouds: get open infrastructure choice with Sylva and Canonical Kubernetes | Ubuntu What is RDMA over Converged Ethernet (RoCE)? | Ubuntu Beyond tokens per watt – using Ubuntu 26.04 LTS for AI | Ubuntu A look into Ubuntu Core 26: Deploying AI models on Renesas RZ/V series for production | Ubuntu RISC-V profiles – why is RVA23 significant? | Ubuntu AI with AMD ROCm on Ubuntu: your questions answered | Ubuntu Ubuntu and Ubuntu Pro on Azure Cobalt 200 VMs | Ubuntu What is InfiniBand? | Ubuntu How Canonical Support solves hard Linux performance bugs  – even in 12-year old code | Ubuntu Securing AI agent workflows on Ubuntu with the new NVIDIA OpenShell snap | Ubuntu Canonical announces optimized Ubuntu images for TPU virtual machines by Google Cloud | Ubuntu VMware hypervisor deployment using MAAS | Ubuntu Migrating from Apache Spark 3 to Spark 4 | Ubuntu Introducing Workshop: launch sandboxed development environments on Ubuntu with a single command | Ubuntu Run agentic workloads on Arm and Ubuntu | Ubuntu Decoding design: How design and engineering thrive together in open source | Ubuntu Developing web apps with local LLM inference | Ubuntu Canonical announces fully Managed Kubeflow AI operations platform on the Microsoft Azure Marketplace | Ubuntu A look into Ubuntu Core 26: Cloud-powered edge computing with AWS IoT Greengrass and Azure IoT Edge | Ubuntu CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations | Ubuntu Finding the blind spot: How Canonical hunts logic flaws with AI | Ubuntu Fragnesia Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Rethinking BYOD security: protecting data without trusting devices | Ubuntu Dirty Frag Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Three weeks to go: A sneak peek of the Ubuntu Summit 26.04 experience | Ubuntu How to use Ubuntu on Windows | Ubuntu Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability | Ubuntu Run NVIDIA Nemotron 3 Nano Omni locally in a single command | Ubuntu Why Web Engineering is great | Ubuntu Ubuntu 16.04 LTS has reached the end of standard Expanded Security Maintenance with Ubuntu Pro. Here are your options. | Ubuntu Understanding disaggregated GenAI model serving with llm-d | Ubuntu From Jammy to Resolute: how Ubuntu’s toolchains have evolved | Ubuntu Hybrid search and reranking: a deeper look at RAG | Ubuntu Canonical expands Ubuntu support to next-generation MediaTek Genio 520 and 720 platforms | Ubuntu Intentional leadership at Canonical | Ubuntu Ubuntu Pro comes to Nutanix bare-metal Kubernetes | Ubuntu RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu Ubuntu Summit 26.04 is coming: Save the date and share your story! | Ubuntu How to manage Ubuntu fleets using on-premises Active Directory and ADSys | Ubuntu Simplify bare metal operations for sovereign clouds | Ubuntu How to Harden Ubuntu SSH: From static keys to cloud identity | Ubuntu The “scanner report has to be green” trap | Ubuntu Modern Linux identity management: from local auth to the cloud with Ubuntu | Ubuntu Canonical welcomes NVIDIA’s donation of the GPU DRA driver to CNCF | Ubuntu Hot code burns: the supply chain case for letting your containers cool before you ship | Ubuntu
PinTheft Linux kernel vulnerability mitigation | Ubuntu
Luci Stanesc · 2026-05-21 · via Ubuntu blog

A local privilege escalation (LPE) security vulnerability in the Linux kernel, codename “PinTheft,” was publicly disclosed on May 19, 2026. The vulnerability was fixed in the mainline Linux kernel tree. A proof-of-concept exploit was published along with public disclosure. This has been assigned the CVE ID CVE-2026-43494; other discovering teams may have given this issue other names. Ubuntu installations are only impacted if they use RDS (Reliable Datagram Sockets), a protocol generally used for high-performance computing (HPC). The default Ubuntu configuration disables the automatic loading of the module affected by this vulnerability. Linux kernel package updates that fix the vulnerability are available.

The vulnerability is a reference count bug that allows poisoning the page cache with malicious contents, similar to Copy Fail (CVE-2026-31431) or Dirty COW (CVE-2016-5195).

The vulnerability has been assigned a CVSS 3.1 score of 7.8, corresponding to a High severity. Prior to the CVSS score being published, Canonical had assessed the vulnerability identically, with a CVSS 3.1 score of 7.8. The Ubuntu Priority assigned is Medium, the local privilege escalation to root from unprivileged users is balanced against the default configuration of Ubuntu being safe against this issue. Ubuntu uses a /etc/modprobe.d/blacklist-rare-network.conf configuration file that disables rarely used network protocols, including the affected RDS.

Impact

The vulnerability allows an attacker to replace the in-memory contents of arbitrary files. The disk contents are not affected, but programs that read a file, make changes, and write the data back may make the changes persistent.

The published proof of concept exploit rewrites a setuid executable with a very short program that grants root privileges to an unprivileged local user with very high reliability.

 The impact of the vulnerability is unclear in containerized environments. It’s possible that an attacker in a container cannot use this to escape the container themselves, but could corrupt data for other containers or the main host, and if the raw storage for files is shared, could choose their targets.

Affected releases

Linux kernel security updates are available for all affected releases.

The default configuration of all Ubuntu releases is not affected, either because the relevant kernels do not have the issue, or because the issue is mitigated in the shipped configuration.

Ubuntu kernel images for 16.04 LTS and earlier do not have the issue.

Ubuntu kernel images on Focal Fossa (20.04 LTS) and later are affected. Ubuntu Bionic Beaver (18.04 LTS) only has the vulnerable code on the HWE kernel versions (5.4).

In Ubuntu, the vulnerability is distributed through the Linux kernel image packages. Prior to the Linux kernel security update being made available, the default Ubuntu configuration was not affected because it disables the vulnerable kernel module from automatically loading. This default mitigation impacts programs that use RDS networking. Users that need this functionality would have to explicitly load the rds module, a configuration that would allow this vulnerability to be exploited.

ReleasePackage NameFixed Version
Trusty Tahr (14.04 LTS)linuxNot affected
Xenial Xerus (16.04 LTS)linuxNot affected
Bionic Beaver (18.04 LTS)linuxLinux 4.15 – not affected
Linux 5.4 (HWE) – mitigated in default configuration. Fixed version: 5.4.0-231.251~18.04.1
Focal Fossa (20.04 LTS)linuxMitigated in default configuration

Fixed version:
– Linux 5.4: 5.4.0-231.251
– Linux 5.15 (HWE): 5.15.0-181.191~20.04.1

Jammy Jellyfish (22.04 LTS)linuxMitigated in default configuration

Fixed version:
 – Linux 5.15: 5.15.0-181.191
 – Linux 6.8 (HWE): 6.8.0-124.124~22.04.1

Noble Numbat (24.04 LTS)linuxMitigated in default configuration

Fixed version:
– Linux 6.8: 6.8.0-124.124
 – Linux 6.17 (HWE): 6.17.0-35.35~24.04.1

Questing Quokka (25.10)linuxMitigated in default configuration

Fixed version: 6.17.0-35.35

Resolute Raccoon (26.04 LTS)linuxMitigated in default configuration

Fixed version: 7.0.0-22.22

How to check if you are impacted

If you can update the Linux kernel

We always recommend that you apply security updates when available. A fix for this vulnerability is available as a Linux kernel update, even if default configurations are not impacted.

On your system, run the following command to get the version of the currently running kernel and compare the listed version to the corresponding table above.

uname -r

The list of installed kernel packages can be obtained using the following command:

dpkg -l 'linux-image*' | grep ^ii

If you cannot update the Linux kernel

These instructions are only applicable if you cannot update the Linux kernel version that fixes this vulnerability.

Confirm that the rds module is not currently loaded:

lsmod | grep -qE '^rds ' && echo "Module is loaded (vulnerable)" || echo "Module is NOT loaded"

Ensure that the automatic loading of the module is disabled:

grep -rqE '^alias net-pf-21 off' /etc/modprobe.d/ && echo "Automatic loading disabled (NOT vulnerable)" || echo "Automatic loading possible (vulnerable)"

Ensure that the module is not loaded at boot time:

grep -rqE '^rds' /etc/modules-load.d/ /usr/lib/modules-load.d/ && echo "Module is loaded at boot time (vulnerable)" || echo "Module is not loaded at boot time (NOT vulnerable)"

Security updates

We recommend you upgrade all packages:

sudo apt update && sudo apt upgrade

If this is not possible and the Linux kernel is installed via a meta package, its update can be targeted directly:

sudo apt update
dpkg-query -W -f '${source:Package}\t${binary:Package}\n' | awk '$1 ~ "^linux-meta" { print $2 }' | xargs sudo apt install --only-upgrade

Once the security updates for the Linux kernel are installed, a reboot is required:

sudo reboot

The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:  

  • Applies new security updates every 24 hours automatically.
  • If you have this enabled, the patches above will be automatically applied within 24 hours of being available, but a reboot is still required.

Manual mitigation

Update: Linux kernel security updates that fix the vulnerability are now available. The mitigations described in this section are no longer needed and should only be applied if the Linux kernel cannot be updated. If you have previously configured the mitigations, please follow the instructions in the ‘Disabling the mitigation’ section below.

No manual mitigation is necessary on default Ubuntu systems. If you previously enabled RDS on your systems, you may disable it from automatically loading again via:

rmmod rds
echo "alias net-pf-21 off" | sudo tee /etc/modprobe.d/blacklist-rds.conf

Disabling the mitigation

Once kernel updates are available and installed, the mitigation can be removed if you must run RDS applications:

sudo rm /etc/modprobe.d/blacklist-rds.conf

We recommend that you do not disable this mitigation unless you must run RDS. Note that, in order to enable RDS, it would be necessary to also disable the default configuration that prevents rarely used network protocols from being utilized.