You guys... a SINGLE character in the Linux kernel caused a high-severity use-after-free vulnerability that lets unprivileged users become root β€” and I cannot get over how absurdly cool this is. The bug, CVE-2026-23111, lives in nf_tables, which replaces the old iptables/ip6tables subsystem for packet filtering. One misplaced exclamation mark during verdict map deletion messes with catchall elements (the wildcard entries), causing a reference counter to decrement an arbitrary number of times so memory gets freed while things still point at it β€” that's your use-after-free right there. Exodus Intelligence actually timed stability tests and got over 99% on idle systems, which is insane for this class of bug!

Fix was rolled in February and backported to major distros, but FuzzingLabs demonstrated a proof-of-concept exploit in April (Exodus also dropped their own). This is one of at least three serious Linux elevation-of-privilege bugs hit recently β€” each dangerous because they can be chained with other exploits to bypass the OS's built-in sandbox defenses. That means an unprivileged attacker on Debian or Ubuntu could climb all the way to root, and it only took one errant character! One extra thing that made me smile: Dan Goodin is a real person at Ars Technica who likes gardening and cooking β€” you can actually follow him on Mastodon (@DanArs) if you want.

Source: https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/