Bonum Certa Men Certa

The Slop-Amplified Fear of Privilege Escalation (Local, Not Remote) in Linux, the Kernel

posted by Roy Schestowitz on May 12, 2026

Don't panic over new Linux exploits: How to check if your PC is affected in under 5 minutes

This article will not belittle security, but it will put things in some much-needed perspective.

Lately there were a couple of bugs found (one prematurely talked about due to carelessness and lack of coordination with self-serving opportunists who profit from a sense of risk) in Linux - the kernel, proper, but not 'core' parts - and both of them got branded, which in the more distant past (pre-IBM) Red Hat complained about. It asserted that logos and catchy names meant lots of media hype would follow, irrespective of the real severity or objective underlying risk/s. One of the brands can cover two separate bugs (but interconnected). To quote one site: "Dirty Frag is a vulnerability chain combining two page-cache write primitives in the Linux kernel: one in the xfrm-ESP (IPsec) subsystem..." (link omitted due to sensationalism)

I used IPsec for a number of years but have not had it installed for over half a decade. As noted in IRC earlier today, there is more impact for some than for others. In many use cases (for servers, desktops, gadgets), this is not relevant. A week ago it already 'leaked' that AFS was impacted and "AFS had a lot of file ACL commands to let any user create an AFS ACL and put 4 group project members in..."

How many people still use AFS and how easy is it to access AFS-linked code?

Quoting the Linux Mint forums: "I guess I'm just wondering *exactly* how vulnerable the normal user is to this exploit? Not saying it's not important, but what is the probability that a single user workstation can be affected by this? The mitigation is fairly simple, so that's a relief."

So now there is a patch and there will be many more patches anyway. Many more. Linux gets patched all the time. How many people should be frantic about it and reboot ASAP? As someone in the forums put it: "Also, please note, to be affected by this vulnerability, you need a malicious local user capable to access your computer. That quite a theoretical possibility for most of us."

We are not downplaying those bugs, but we feel like one of them (the first) was creating lots of hype because it was allegedly a slop-attributed one (allegedly; we cannot know for sure and it is not wise to guess); we were all along being privately practical about this and rebooted when the patch became available. To be clear, local privilege escalation bugs will never be a huge deal like authentication bypass over SSH.

The pair of bugs (above) are not as critical as the media wants us to believe. The first is not 10.0 (rating for severity), not even 9.0. It is probably OK to apply that and reboot, but on many systems it is not imperative. As I explained earlier today to a peer, it very unlikely that a new PM (Perl Module) in Debian will contain an exploit for this (which can moreover be potently planted, then subsequently leveraged). It's also unlikely that any of the local users on our systems will get all nasty (or that Rianne will decide to become root; which she can regardless). And so in "realworld" terms, we prefer to put it in perspective and combat some of the media hype, which is heavy on brands and buzzwords (a lot talks about "AI").

If remote exploitation is very unlikely, and if the local users are trusted (or have physical access to the system), what is the complete risk model?

If someone trusted ends up putting bad/malicious files on the system (and it is not possible to run them without root), either maliciously or ignorantly, then the true damage is contained. In our case, we need not worry about the upstream doing so because we don't use Microsoft NPM or something like that; that's because the system is managed via Debian repos and we don't use some bloated CMS crapwares (they often rely on PHP crapware or user-side uploaders for various users, which we lack; that's how malicious files often get planted/placed onto systems).

"I have not been able to cut through the hype to find the nature of that particular patch," an associate said.

For nearly a week now people wait to find out what this was all about. Uncertainly contributed to the panic.

Weeks ago Anthropic (evil company that coerces institutions into doing marketing for it) said a model was too dangerous to release. Then it leaked. And nothing happened.

The same goes for this latest bug, which has a brand and a logo (Tux, the Linux mascot having just turned 30, holding a grenade).

Did this live up to the hype? It relates to kernel subsystems like VPN (which not many people use at all) and for most people, with typical use cases, this does not pose a risk. They don't have "evil maid" accounts and they use only simple software. Their VPN - if any - does not live in the kernel or hijacks the network stack.

Since a lot of today's news sites are weak on research and some became slopfarms (just parroting those poorly-researched utterances about "Linux") we are meant to assume this is no better and no worse than Microsoft intentionally putting back doors in everything, even encryption.

Other Recent Techrights' Posts

Jim Zemlin/Linux Foundation Selling Anthropic Slop After Getting Bribed for Slop Marketing ('Linux' Foundation is a Pay-to-Say For-Profit Marketing Company That Buys and Manipulates the Media Based on False Pretences)
Look what they've done to Steven Vaughan-Nichols (SJVN)
The Corrupt Lecture the Non-Corrupt - Part XX - EPO Management's Unified (One) Voice or Policy is, Doing Cocaine is OK When You're a Friend and/or Family of President Campinos
The management needs to resign to save the Office
 
Gitlab is in Trouble and Its Shares Have Collapsed
Down almost 80% since it began [...] The real issue has nothing to do with slop, it is a lack/loss of customers and erosion of the company's theoretical "value"
Microsoft: Mass Layoffs Are "Offers" (Like "Job Offers"), Culling Experienced and Highly-Paid Staff is "Softer Workforce-reduction Strategy"
Media sites that play along with those lies don't do journalism, they're in the PR industry
Under IBM, Mass Layoffs at Red Hat No Better Than Oracle Under Larry Ellison (Treating Workers Like Disposables - Even Enemies - Overnight)
under IBM the respect for the worker (or peer) does not exist
The Slop-Amplified Fear of Privilege Escalation (Local, Not Remote) in Linux, the Kernel
we are meant to assume this is no better and no worse than Microsoft intentionally putting back doors in everything, even encryption
GitLab the Latest Company to Do Mass Layoffs and Use Slop as the Go-to Excuse (GitLab Users Should Worry Too)
This round of layoffs (disguised as something else) has nothing to do with slop ("hey hi"). It's about commercial problems.
Technology Not Meant to Last
A society apathetic towards declining production (or manufacturing) standards will end up ripped off
statCounter Cannot 'See' Chinese Operating Systems That Gain Many Millions of Users Per Month
There is no way for statCounter to recognise or show the market share of HarmonyOS
SLAPP Censorship - Part 74 Out of 200: The Basis of My Lawsuit Against Alex Graveley, Who Helps Garrett Stack the Docket in Another Continent
claim against the Serial Strangler from Microsoft
Update on Slop About "Linux"
"Linux" is a term many people are interested it, so it's not shocking that slopfarms target it
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 11, 2026
IRC logs for Monday, May 11, 2026
GAFAM (Microsoft) "Cloud Computing" Means Another Country's Military Accesses All Your Data
reminder that confidentiality and Clown Computing are complete opposites
Another Discrimination Lawsuit Against IBM and Workers Say IBM Culls Older Workers (Just Like Microsoft)
If IBM fails to retain some of the smartest people, then what is the future of IBM?
Gemini Links 12/05/2026: Android Nostalgia and Switching to Guix
Links for the day
Links 11/05/2026: Another Oracle Setback and Mass Layoffs in Iran
Links for the day
Gemini Links 11/05/2026: Older Can Be Faster and Textmode Workflow
Links for the day
Links 11/05/2026: The Solicitors Regulation Authority (SRA) Admits It Only Reacts When It's Too Late (Damage Already Done), Ombudsman’s Animal Cruelty HK Report
Links for the day
If It Takes You a Second to Serve (or Receive) a Page, That's Definitely Too Slow
For speeds at milliseconds (e.g. for pages to fully load in a tenth of a second) the pages must be ready to be sent as soon as they're requested
It's Not About Speed, It is About Patience and Adherence to Truth, Principles, Scientific Integrity
attacks on us only ever made us stronger - a lesson that our adversaries have learned the hard way
Cyber Show Does it Like Techrights: Static and Gemini Protocol as 'First-Class Citizen'
HTML and GemText (over Gemini Protocol) would be rendered in tandem
Libya's Share on the Web: 5.2% GNU/Linux
GNU/Linux has hit an all-time high there
SLAPP Censorship - Part 73 Out of 200: Microsoft's Graveley and Garrett Remain Closely Connected in May 2026 ("Tag-Teaming" Against Bloggers in Another Continent)
The phrase "judge a person by their friends" seems applicable here
Codecs and Software Patents - Part VI - The European Patent Office, Nokia, Microsoft, Sisvel, and More
Whatever Nokia used to be, it's certainly not an ally and a lot of the turmoil at the EPO is the fault of companies like Nokia
Discussions About When the Axe Falls at IBM/Kyndryl (11,000 Layoffs Estimated)
"Kyndryl restructuring should reduce overhead functions and reduce the number of managers that lack technical knowledge"
A World After Microsoft (and GAFAM) and After GitHub Shuts Down
the only growth area is debt
Fake News, Propaganda, and Misinformation: Microsoft Investing Money It Does Not Have in "Hey Hi" (for "Entertainment Purposes" Only)
This will not end well
Today the Whole European Patent Office (EPO) is on Strike and Next Monday an Even Bigger Strike
the media refuses to cover these and is thus complicit
The Corrupt Lecture the Non-Corrupt - Part IXX - EPO Management Speaks of Reputation and Integrity While Putting Cocaine Addicts in Management
If the EPO values its "reputation", then it needs to start by ousting the management
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 10, 2026
IRC logs for Sunday, May 10, 2026
Links 11/05/2026: Security Breaches, Politics, and Energy Crunch
Links for the day
Gemini Links 10/05/2026: "Accidental Cameras" and "Addictive" Interfaces in Social Control Media
Links for the day
Codecs and Software Patents - Part V - A Reminder That GAFAM and the European Patent Office (Which Serves American Monopolists) Do Considerable Harm to the Commons and Culture
some 'breaking' developments
Gemini Links 10/05/2026: Inkscape, Guix, and Alhena 5.5.8
Links for the day
The "Alicante Mafia" at the European Patent Office (EPO) Experiments With New Methods for Crushing Industrial Actions
Open letter to VP1 and the COO [...] What does this tell us about the status quo at the European Patent Office, Europe's second-largest institution?
The Corrupt Lecture the Non-Corrupt - Part XVIII - "The European Patent Office (EPO) has a zero-tolerance policy for fraud" (except when managers do it)
The guidebook of the EPO says fraud is not to be tolerated, but who enforces or revisits such "Red Lines"?
Links 10/05/2026: Hantavirus Brings Back 'Contact Tracing' Surveillance, "Staple Food Prices Soar in Iran"
Links for the day
Microsoft XBox Staff Know They're in Trouble, They Try to Unionise Ahead of Mass Layoffs
As the slang goes, it's going to be a "bloodbath"
Links 10/05/2026: Fake Suicide Notes and New EU Restrictions on Slop
Links for the day
SLAPP Censorship - Part 72 Out of 200: Microsoft's Graveley and Garrett Signed Documents That Hold Them Accountable to Truth and Liable for Lies
Such collaborations are unsavoury and apparently unprofessional, too
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 09, 2026
IRC logs for Saturday, May 09, 2026
Gemini Links 10/05/2026: Travelling to Van and "Dark Mode" as Passing Fad
Links for the day