#kernel
mathstodon.xyz · ⭐️ 8/10 · 2026-07-02
Since Linux 6.9, the cryptsetup luksSuspend command no longer wipes disk-encryption keys from memory during suspend, leaving them accessible in RAM. This regression undermines the security of LUKS-encrypted devices because an attacker with physical access to a suspended system could extract the master key from memory and decrypt the disk without needing the passphrase. The issue affects Linux kernels from 6.9 onward, but not all distributions are impacted because luksSuspend is not part of the official cryptsetup specification; it originated as a Debian extension.
research.jfrog.com · ⭐️ 8/10 · 2026-06-28
Security researchers at JFrog disclosed a new Linux kernel local privilege escalation vulnerability named DirtyClone (CVE-2026-43503), which allows unprivileged local users to gain root access by exploiting a flaw in socket buffer cloning that loses the SKBFLSHAREDFRAG flag. This vulnerability is critical because it affects widely-used Linux distributions with default unprivileged user namespaces, such as Debian, Ubuntu, and Fedora, and can be exploited without leaving kernel logs or audit traces, making it especially dangerous for multi-tenant cloud environments and Kubernetes clusters. The vulnerability was patched in Linux kernel v7.1-rc5 on May 21, 2026; mitigations include disabling unprivileged user namespaces via kernel.unprivilegedusernsclone=0 or blocking the esp4, esp6, and rxrpc kernel modules.