
Exploit released for new PinTheft Arch Linux root escalation flaw

BleepingComputer, 20/05/2026, 10:52

Summary

AI-Generated

Key Points:

  • A new privilege escalation vulnerability, dubbed PinTheft, has been discovered in the Linux kernel's RDS module, allowing local attackers to gain root privileges on Arch Linux systems.
  • The vulnerability requires specific conditions for exploitation: the RDS module must be loaded, the io_uring API must be enabled, and a readable SUID-root binary must be present. This limits the attack surface primarily to Arch Linux.
  • It is recommended that users immediately install the latest kernel updates to mitigate this vulnerability. For those unable to patch right away, disabling the RDS module can help prevent exploitation.

Technical Details: The PinTheft vulnerability is a double-free error in the RDS zerocopy send path, and the V12 security team has released a PoC exploit for it. The flaw allows attackers to manipulate the page cache and potentially gain root access.
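
To triage hosts while patching is pending, the three preconditions from the key points can be checked directly. The script below is an added example, not code from the article or from the PoC authors. Its function names are hypothetical, and it assumes RDS is built as a loadable module (visible in /proc/modules), that the kernel exposes the `kernel.io_uring_disabled` sysctl, and that SUID binaries live under /usr/bin.

```shell
#!/bin/sh
# Added example: checks the three preconditions listed in the summary.
# Paths are arguments so each check can run against a saved copy (assumption).

# 0 if "rds" appears as a loaded module in a /proc/modules-format file.
rds_loaded() {
    awk '$1 == "rds" { hit = 1 } END { exit !hit }' "${1:-/proc/modules}"
}

# 0 if unprivileged processes may create io_uring instances.
# kernel.io_uring_disabled: 0 = allowed, 1 = restricted, 2 = disabled.
# A missing sysctl file is treated as "allowed" (conservative assumption).
io_uring_open() {
    f="${1:-/proc/sys/kernel/io_uring_disabled}"
    [ -r "$f" ] || return 0
    [ "$(tr -d '[:space:]' < "$f")" = "0" ]
}

# Print root-owned setuid files under a directory that "other" can read.
suid_root_readable() {
    find "${1:-/usr/bin}" -xdev -type f -user root -perm -4004 2>/dev/null
}

# Print one status line; return 0 only when all three preconditions hold.
pintheft_preconditions() {
    mods="${1:-/proc/modules}"; uring="${2:-/proc/sys/kernel/io_uring_disabled}"
    dir="${3:-/usr/bin}"
    r=no; u=no
    rds_loaded "$mods" && r=yes
    io_uring_open "$uring" && u=yes
    n=$(suid_root_readable "$dir" | wc -l | tr -d ' ')
    echo "rds_loaded=$r io_uring_unprivileged=$u suid_root_readable=$n"
    [ "$r" = yes ] && [ "$u" = yes ] && [ "$n" -gt 0 ]
}

# Run against the live system only when asked: sh check.sh --report
if [ "${1:-}" = "--report" ]; then
    pintheft_preconditions || echo "not all preconditions present"
fi
```

A host reporting `rds_loaded=no` already has the module-level mitigation from the key points in effect; the kernel update is still the fix.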

MITRE ATT&CK Techniques:

  • None mentioned

IOCs Mentioned:

  • None mentioned
