Security Vulnerabilities 
malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 0 articles for you...
210
security advisorycriticaldebianUbuntu: Chrome High Severity CVE-2025-38235 Escalation Risk MSG_OOB
Let’s talk about CVE-2025-38236 . If you’ve been following the Linux kernel's security track record, you already know how hard developers work to keep it solid. But every now and then, something slips through the cracks—and this time, it’s a big one. This vulnerability, disclosed by Jann Horn of Google’s Project Zero , allows an attacker to bridge the gap between user-level code running inside Chrome’s renderer sandbox and full-blown kernel-level control. That’s not just breaking out of one of the most hardened sandboxes out there—it’s obliterating it. . This critical flaw revolves around a rarely used feature called MSG_OOB . It's tied to UNIX domain sockets and, let’s be honest, probably doesn’t ring a bell for most Linux admins. That’s the problem, though—obscure functionality with poor visibility tends to become fertile ground for vulnerabilities. Before we dive into patches and mitigations, let’s walk through what this vulnerability is, why it’s dangerous, and how you can lock down your systems. The Obscure MSG_OOB : What Does It Even Do? Most Linux admins and developers interact with UNIX domain sockets regularly, but functions like MSG_OOB don’t normally enter the conversation. This feature—introduced back in Linux kernel 5.15—is meant to send “out-of-band” data through a socket. Think of it as a way to send one byte outside the normal data flow. Why one byte? Legacy compatibility. You’ll find it used in some edge cases, like Oracle products, but it’s otherwise forgotten in the shadows of kernel functionalities. The issue is that MSG_OOB was never implemented with modern applications in mind. In theory, it does what it’s supposed to: a single byte of out-of-band data is sent via send() and processed separately by recv() . But on closer inspection, the way this feature interacts with kernel structures—specifically with socket buffers and linked lists—creates dangerous inconsistencies. CVE-2025-38236: A Crippling UAF Bug Here’s where things go sideways. Horn’s write-up breaks it down , but the takeaway is this: there's a use-after-free (UAF) condition. Specifically, when the kernel processes out-of-band messages, it uses a data structure ( oob_skb ) to hold a reference to the socket buffer storing said message. The problem occurs when you start manipulating these buffers. Carefully crafted sequences of send() and recv() calls, which are normally valid, can force the kernel to reuse memory that was never properly cleaned up. Attackers love UAF bugs for obvious reasons. They can reclaim freed memory, poison it with malicious payloads, and trick the kernel into operating on those payloads as if they’re valid data. Combine this with a misconfigured sandbox, and you’ve got a clean path to kernel exploitation. Why Should You Be Concerned About CVE-2025-38236? From an attacker’s perspective, this vulnerability is a dream scenario. It requires no obscure hardware or special tools—just a browser (Chrome) and a target (Ubuntu, Debian, or any Linux system running kernel 6.9 or higher). Once they get past Chrome’s renderer sandbox, they’ve essentially bypassed one of the strongest security boundaries in desktop computing. Chrome’s renderer sandbox is supposed to be bulletproof. It protects users when a malicious website tries to execute arbitrary code. But even strong walls fall apart if they expose weak hinges—and in this case, those hinges are the MSG_OOB feature. Its availability inside the Chrome sandbox effectively handed attackers an overlooked pathway to escalate privileges. Who’s Affected by CVE-2025-38236? If you fit one or more of the following criteria, you are at risk of CVE-2025-38236 exploits: Linux 6.9 and Up: If you’re running Linux kernel 6.9 or later, you’re vulnerable right out of the box. Older kernels aren’t technically affected unless patches backported the feature. Chrome Users on Linux: If Chrome is running on your system, this bug gives malware running inside the renderer enough leverage to target kernel-level memory. Debian-based distributions, specifically Debian Trixie on x86-64 systems, appear to demonstrate the vulnerability clearly. General Desktop Linux Users: While the attack vector for server environments might differ, anyone relying on Linux desktops, particularly for browsing, is at serious risk. What Can You Do to Protect Against CVE-2025-38236? If the possibility of kernel-level control doesn’t already have your attention, then here’s what you need to focus on immediately: Patch, Patch, Patch: The fix is already upstream. As of kernel version 6.9.8 , the memory management bug in MSG_OOB has been patched. That’s your best defense. If you can't deploy the latest kernel straight away, consider temporary mitigations. Disable MSG_OOB: If you’re compiling a custom kernel, disable MSG_OOB entirely by setting CONFIG_AF_UNIX_OOB=n . This was never a particularly useful feature to begin with, and disabling it won’t hurt most environments. Apply System Call Filters: Use seccomp where applicable to limit what system calls untrusted processes (like Chrome’s renderer) can execute. Focus on filtering calls like send() and recv() when they include the MSG_OOB flag. Longer-Term Security Strategies This vulnerability also raises questions about kernel design and sandbox strategies. Obscure features, even those rarely used in practice, risk accumulating technical debt. CVE-2025-38236 is a textbook example of how attackers can exploit overlooked functionality, turning niche-use cases into systemic flaws. Audit Configurations: Review your kernel configurations and disable any features unnecessary for your workload. Sometimes, less is more—less attack surface, less headache. Limit Kernel Exposure: Sandboxing is critical, but it’s only as strong as the kernel it’s isolating you from. Make sure your kernel attack surface is as small as possible by usingminimalist distributions that strip away unneeded features. Closing Thoughts on Combating CVE-2025-38236 If you spend enough time in Linux security, you understand one thing: there’s no such thing as “bulletproof.” Strong security, whether it’s in Chrome’s renderer sandbox or the Linux kernel itself, starts with minimizing complexity and reducing exposure to unnecessary risk. CVE-2025-38236 reminds us that no system operates in isolation. A poorly-understood feature like MSG_OOB , intended for niche use cases, can quietly undermine critical security boundaries when exposed in the wrong context. Malware authors are always watching for these gaps in the armor. For admins, the lesson is clear: stay vigilant, stay updated , and don’t be afraid to strip functionality you don’t need. Linux kernel security is everyone’s responsibility. Every unused feature you disable, every suspicious process you isolate—it all adds up to make your systems just a little more difficult to exploit. And sometimes, that’s enough to stop the next CVE. Stay sharp. . Exploring the critical MSG_OOB exploit affecting Linux systems, how it works, and security measures for protection.. Linux Kernel Bug, CVE-2025-38236, Privilege Escalation, Security Measures. . Brittany Day
Aug 12, 2025
•
Security Vulnerabilities
210
security practicesLinux securitysystem protectionEffective Techniques to Reduce Kernel Bugs in Linux Operating Systems
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs. Understanding and mitigating the vulnerabilities in the Linux kernel is essential in safeguarding your systems against exploits leading to compromise. Let's examine why kernel vulnerabilities are such a severe threat and mitigation strategies for protecting against them. . Why Are Linux Kernel Bugs Such A Severe Threat? How Can I Secure My System Against Them? The kernel is in a unique spot in the system, where even ordinary bugs can be transformed into vulnerabilities if exploited cleverly. Linux kernel developer Jonathan Corbet states, "In the kernel, just about any bug, if you're clever enough, can be exploitable to compromise the system." This statement raises important questions about the level of security that can be achieved in Linux systems and the measures required to protect them effectively. To address these concerns, Corbet suggests using long-term stable (LTS) kernel releases, which receive regular patches and fixes for identified vulnerabilities. He advises Linux admins and infosec professionals to ensure that their distributions run LTS kernel releases, as they provide a certain level of assurance against known threats. However, this approach has a caveat, as Corbet warns that LTS releases will no longer be supported for as long as they used to be. This change has long-term consequences, as it accelerates the phasing out of older kernel versions and emphasizes the need for regular updates to current versions. It is critical to highlight the Linux kernel developer community's immense efforts to maintain the kernel's security and stability . Corbet mentions the increase in first-time contributors, which indicates a vibrant and forward-moving community. However, he points out the critical issue of burnout among maintainers and long-time developers. Without adequate support, the risk of frustrated developers, deteriorating codequality, and increased security problems becomes a looming concern. Given these implications, companies must treat Linux work as a top priority and provide the necessary resources to support the community. Nearly all businesses depend on Linux. Ignoring this fact would be detrimental, as it could lead to compromised systems, data breaches , and financial losses. Regularly updating to the latest LTS kernel release and actively supporting the Linux developer community can go a long way toward maintaining system security. Our Final Thoughts on Protecting Against Linux Kernel Bugs This article aims to provide valuable insights into the challenges of keeping Linux systems safe from kernel bugs. The importance of proactive measures such as using LTS releases, supporting the developer community, and staying updated with the latest security patches must be emphasized. By critically analyzing the implications presented in this article, security practitioners can better understand the impact on their practices and make informed decisions to safeguard their Linux environments. . Protect your Linux system from kernel vulnerabilities with regular updates, minimal installations, security modules, and active monitoring for potential threats. Kernel Bug Management, System Protection Strategies, Linux Kernel Security. . Dave Wreski
May 18, 2024
•
Security Vulnerabilities
210
security issueinformation leaklocal privilege escalationLocal Privilege Escalation Threats: 15-Year-Old Linux Bugs and Risks
Researchers have discovered three vulnerabilities capable of granting attackers root privileges on Linux systems if they are able to gain access through other methods. These bugs, which affect the iSCSI kernel subsystem, have existed for more than 15 years. . Similarly, The Zero Day Initiative (ZDI) researchers uncovered another decade and a half old Linux vulnerability affecting ISC BIND servers configured to use GSS-TSIG features. The discovery of old but active bugs underscores the need for open-source maintainers to monitor external modules to ensure they observe the best security practices, according to the ZDI. . Legacy Linux flaws enable local rights escalation and information exposure; vital for developers to remedy vulnerabilities.. Linux Privilege Escalation, Open Source Vulnerability, Kernel Bug, Information Leak Risk. . Brittany Day
Mar 23, 2021
•
Security Vulnerabilities
83
security advisorycriticaldata lossLinux 5.1 Critical Advisory: Data Loss Risk from FSTRIM on LVM and dm-crypt
As a forewarning to those using LVM, dm-crypt, and Samsung solid-state drives, this combination in some manner(s) may lead to data corruption if using the Linux 5.1 kernel. . Linux FSTRIM/Discard is being too aggressive leading to data loss on certain setups, which at this point seem to be isolated to those using LVM and dm-crypt. The device mapper bug in Linux 5.1 is causing for blocks to be discarded wrongly or too much and that can lead to "massive data loss" issues. The link for this article located at Phoronix is no longer available. . The FSTRIM utility in Linux could significantly threaten data integrity for users of Logical Volume Management, dm-crypt, or Samsung SSDs. Linux Kernel, Data Loss Bug, Overly Aggressive FSTRIM, LVM, dm-crypt. . LinuxSecurity.com Team
May 25, 2019
•
Hacks/Cracks
77
security researchvulnerabilitysoftware flawGoogle Researchers Expose 20 Kernel Bugs in Linux and Windows Systems
Two security researchers at search engine giant Google have discovered 20 kernel bugs, about half remaining unpatched, affecting Windows, Linux and the popular VMware virtualization software over the last several years. Google engineers, Julien Tinnes and Tavis Ormandy said kernel security must improve. They shared their kernel security research recently at the CanSecWest Applied Security Conference. They say they hope their data motivates operating system developers to reduce the kernel attack surface.. The kernel is the underlying code base of an operating system where processes, resources and memory allocation is handled. While attacks against kernel flaws are few in number because they take an increased sophistication to pull off, they can be serious because a successful attack could give cybercriminals complete access to a system and all its resources. The link for this article located at Search Security is no longer available. . Recent discoveries reveal critical kernel weaknesses in Windows, Linux, and VMware, prompting programmers to enhance kernel defense mechanisms.. Kernel Bugs, Linux Flaws, OS Security Threats, Software Vulnerability. . LinuxSecurity.com Team
Mar 31, 2010
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More