
When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors happen, the deletion will be reversed and the counter incremented. CVE-2026-53111 allows that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it.
“In this blog post, we have seen how one incorrect exclamation mark introduced a use-after-free vulnerability which will be exploited by an unprivileged user on Debian and Ubuntu to escalate privileges to root,” researchers from security firm Exodus Intelligence wrote Monday. “Although the exploit triggers the use-after-free vulnerability a number of times to leak the kernel base address, leak heap addresses, and hijack the control flow, the soundness checks resulted in a stability of >99% on an idle system.”
The vulnerability was fixed in the kernel in February and subsequently backported to major Linux distributions. Security firm FuzzingLabs demonstrated a proof-of-concept exploit in April. Exodus Intelligence, which discovered the bug, included its own PoC exploit in Monday's post. It worked on Debian and Ubuntu.
CVE-2026-53111 is one of at least three potent elevation-of-privilege vulnerabilities to hit Linux in recent weeks. The vulnerabilities are serious because, when chained to a separate exploit, they can be used to evade security defenses baked into the OS.
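The counter imbalance described above, as a toy C model added here for illustration (it is not code from the kernel, Exodus Intelligence or FuzzingLabs): a deletion that fails is rolled back, and one inverted guard on the rollback leaves the reference counter one lower each time. All names and the placement of the `!` are assumptions, since the page does not show the real code.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model (constructed, not kernel code): a chain counts the map
 * elements whose verdict points at it. All names are hypothetical. */
struct chain { int use; };
struct elem  { struct chain *target; bool active; };

/* Deletion step: deactivate the element and drop its reference. */
static void deactivate(struct elem *e) { e->active = false; e->target->use--; }

/* Error path: undo the deletion. `inverted` models one stray '!' on the
 * guard (assumed placement), so the reference is never taken back. */
static void rollback(struct elem *e, bool inverted) {
    bool need_restore = !e->active;
    if (inverted ? !need_restore : need_restore)
        e->target->use++;
    e->active = true;
}

/* Run n deletions that each fail and get rolled back; return the counter. */
int failed_deletes(struct chain *c, struct elem *e, int n, bool inverted) {
    for (int i = 0; i < n; i++) { deactivate(e); rollback(e, inverted); }
    return c->use;
}

/* Ground truth: active elements that still point at the chain. */
int live_refs(const struct chain *c, const struct elem *els, size_t n) {
    int refs = 0;
    for (size_t i = 0; i < n; i++)
        if (els[i].active && els[i].target == c) refs++;
    return refs;
}

/* Counter-only decision: the chain looks unused once `use` reaches zero. */
bool free_allowed_by_counter(const struct chain *c) { return c->use <= 0; }

/* Defensive variant: also require that no active element references it. */
bool free_allowed_checked(const struct chain *c, const struct elem *els, size_t n) {
    return c->use == 0 && live_refs(c, els, n) == 0;
}

int main(void) {
    struct chain c = { 2 };
    struct elem els[2] = { { &c, true }, { &c, true } }; /* constructed state */
    failed_deletes(&c, &els[0], 2, true);
    /* Exit 0 when the counter says "free" but the checked path refuses. */
    return (free_allowed_by_counter(&c) && !free_allowed_checked(&c, els, 2)) ? 0 : 1;
}
```

With the correct guard the counter returns to its starting value after every failed deletion; with the inverted guard it reaches zero while both elements still reference the chain, which is the state in which a free leaves dangling pointers.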







