this post was submitted on 11 Jul 2026
70 points (96.1% liked)

Linux

14269 readers
493 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] far_university1990@reddthat.com 18 points 1 day ago (2 children)

Is this year of local privilege escalation?

[–] 8uurg@lemmy.world 11 points 1 day ago (1 children)

Privilege detection can be detected (i.e. by having a certain application run as root), if you have a piece of software try out a bunch of things (fuzzer, or more recently an LLM-in-a-loop) until this detection is triggered - evidence of actual success, even when things like LLMs are prone to 'hallucinations' (or lies) - you've got evidence of an exploit.

We have reached a point where this methodology is applied to a bunch of codebases, with some technological advances making it more capable and faster, hence the larger number of exploits being found.

[–] far_university1990@reddthat.com 3 points 16 hours ago (1 children)

I know, but why is all just lpe? Or just lpe that reported?

[–] 8uurg@lemmy.world 1 points 12 minutes ago

I have seen others too, I think that the difference lies in that privilege escalation is just more critical and hence prominent.

[–] psud@aussie.zone 8 points 1 day ago* (last edited 1 day ago)

Yes. AI bug searches are proving very fruitful. Linux is going to be so much more secure in future

What's going to be exciting is when AI can read binaries as well as it reads code, then we get the same quantity of bugs but for windows and Apple and all the phones

Fun thing with this bug is that sandboxes and containers can't save you — any process that can execute local code can run this exploit and get root.