Exploit released for new PinTheft Arch Linux root escalation flaw
A new privilege escalation vulnerability, named PinTheft, has been discovered in Arch Linux systems. This flaw allows local attackers to gain root privileges and has a publicly available proof-of-concept exploit. Users are advised to update their kernels or apply mitigations to prevent exploitation.
- The PinTheft vulnerability exists in the Linux kernel's RDS and was patched earlier this month.
- The exploit requires specific conditions, including the RDS module being loaded and io_uring being enabled.
- Linux users are urged to install the latest kernel updates to protect against this vulnerability.
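A host-side check for the two preconditions listed above, as an added example that is not part of the article or the V12 advisory. It assumes the kernel.io_uring_disabled sysctl (available since Linux 6.6, not named on this page) is how io_uring is restricted, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): check the two stated PinTheft preconditions.
# File paths are parameters so the logic can be run on constructed sample files.

# Succeeds if a module named exactly "rds" is listed (first field of /proc/modules).
rds_loaded() {
    awk '$1 == "rds" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Maps kernel.io_uring_disabled (0, 1, 2) to enabled | restricted | disabled.
io_uring_state() {
    if [ ! -r "$1" ]; then
        echo enabled    # assumption: no sysctl file means io_uring cannot be switched off
        return 0
    fi
    case "$(cat "$1")" in
        0) echo enabled ;;      # usable by every process
        1) echo restricted ;;   # unprivileged use limited to kernel.io_uring_group
        2) echo disabled ;;     # unavailable to all processes
        *) echo unknown ;;
    esac
}

# Prints MET, REVIEW or NOT-MET plus the observed state of both preconditions.
pintheft_preconditions() {
    modules=${1:-/proc/modules}
    sysctl_file=${2:-/proc/sys/kernel/io_uring_disabled}
    state=$(io_uring_state "$sysctl_file")
    if rds_loaded "$modules"; then rds=loaded; else rds=absent; fi
    if [ "$rds" = absent ] || [ "$state" = disabled ]; then
        verdict=NOT-MET
    elif [ "$state" = enabled ]; then
        verdict=MET
    else
        verdict=REVIEW
    fi
    echo "$verdict rds=$rds io_uring=$state"
}

# Run against the live host only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    pintheft_preconditions
fi
```

A NOT-MET result only reflects the current state of the host; installing the patched kernel remains the fix the article points to.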
Opening excerpt (first ~120 words)
By Sergiu Gatlan, May 20, 2026 06:52 AM
A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems.
The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel's RDS (Reliable Datagram Sockets) and was patched earlier this month.
"PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers," V12 said in a Tuesday advisory. "The bug lived in the RDS zerocopy send path.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at BleepingComputer.