5 matches found
CVE-2026-23297
A flaw was found in the Linux kernel's nfsd component. A local user could exploit this vulnerability due to a missing put_cred call in the nfsd_nl_threads_set_doit function. This oversight leads to a memory leak of struct cred objects, which can result in a denial of service by exhausting available...
EUVD-2024-53211
Malicious code in bioql PyPI...
UBUNTU-CVE-2024-56563
In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access. get_current_cred increments the reference counter, but the put_cred call was missing...
io_uring Same Type Object Reuse Priv Esc
This module exploits a bug in io_uring leading to an additional put_cred that can be exploited to hijack credentials of other processes. We spawn SUID programs to get the free'd cred object reallocated by a privileged process and abuse them to create a SUID root binary ourselves that'll pop a shell...
io_uring Same Type Object Reuse Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'io_uring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in io_uring leading to an additional put_cred that can be...