nftables, very popular networking part of linux most often used paired to systemd linux, has terrible bughttps://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/Researchers have analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel. >The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It's used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. CVE-2026-23111 >can be exploited by an unprivileged user or process to elevate system rights to root. The exploit works by disrupting the deletion of verdicts -- a determination within the nf_tables framework that determines if a packet matches a rule calling for a certain action to be performed. This process can use what are known as catchall elements, which act as a wildcard in the event a lookup doesn't match any other element in the set.When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it.
>>536739098Rust would have prevented this
>>536739098>>536740185im trans btw
>>536740223>systemdMore like sucks my d.
>>536739098Yeah cool but how does it work? I remember every nerd cocksucker getting their knickers twisted up over some printer vulnerability that required you to activate some certain obscure feature that nobody actually uses manually just for a l33t hax0r to theoretically be able to view open ports or some shit, possibly, because nobody ever demonstrated the exploit in action.
>>536740640It's a local privilege escalation. You need to already have user access to the Linux server. So it's not a big issue for most people. Just a regular security update
>>536740855In my understanding of OP's gay rant, it doesn't necessarily elevate that person to root for anything but whatever it is doing to already cleared fragments of shit in the RAM cache so I'm assuming that it's absolutely useless.
>>536742715In the abstract, it's a memory corruption exploit. The attacker is able to write data into memory that he shouldn't normally be able to. He can then cause nftables to crash in such a way that it jumps to that data for next instruction. Since that data is controlled by the user but running with privileges of nftables (root) the attacker can execute code with root privileges.It has little to do with nftables itself, it's a more of a C issue.And yes Rust doesn't have such problems, the tranny is correct
