Well shit. I wonder if all Linux systems are affected, the testing in the repo doesn't cover Arch for instance. For now I'd assume the answer is yes.
It's a kernel exploit, so probably. But I just checked my arch installs, and I don't have any of the kernel modules loaded. ~~Loading requires root anyway, so I think this may be fairly limited in reality?~~
Edit: seems the modules get loaded automatically :(
They'll get loaded, even without root
don't see 'em loaded here, either. trixie (dietpi) server, aurora (f44) desktop
Funny that just after Microsoft commits suicide with Winders 11, Linux "exploits" start popping up like Whack-A-Moles. Makes one wonder if they were inserted by MS engineers.
What's up with all these vulnerabilities?
Kind of worried to be honest, two in like a week? Pretty scary.
I'm very dumb about Linux technical stuff but I feel like root access is way too easy to be accessed.
Is there any way to make it harder? I mean let's say similar to Android, you need to unlock the boot loader first, flash a recovery and flash Magisk or something, that's a good layer before root access.
At least for Linux Desktop, maybe make it so we can get root access only via a bootable USB with a correct password? Just for sporadic system changes.
Is there anything like that?
There is an LLM called mythos from Anthropic that is very good at finding vulnerabilities.
Drinking the kool-aid, are we?
I’m telling you what is in the news. I’m sorry you are in denial. The vulnerability was uncovered by an AI tool and we can expect a lot more of them to be found. So, in answering the original question, “that’s what’s up with all the vulnerabilities.”
https://www.theverge.com/ai-artificial-intelligence/908114/anthropic-project-glasswing-cybersecurity
Nope, not in denial. You just read the initial, overhyped, marketing coverage. Maybe do some research before repeating dumb, uninformed headlines. Here's an article that can better inform you.
Maybe you didn’t read it, but the article expresses that LLMs are being used to find vulnerabilities in software.
The only real argument it makes that Mythos isn’t special is that other LLMs and human security researchers can also find vulnerabilities. This is true, but I find it funny because in the same section they note that it found 271 vulnerabilities in Firefox. I don’t think this article is the gotcha that you think it is.
You strike me as just another Lemmy drone that downvoted and hates everything AI. And the energy and negativity with which you’re attacking me when all I was doing was answering a comment about why so many vulnerabilities are being found these days with an actual true statement is just weird man. Save your AI anger for someone else.
Except that it is? There's nothing particularly special about mythos and it's not "too dangerous" to release. LLMs make it easier for people to find potential vulnerabilities, true. But they cannot actually confirm that they're real without an actual person verifying it. Lots of reports are bogus.
Do I hate AI? Of course I do. It literally has nothing positive unless you're an AI company's CEO. It's being sold at a heavily subsidized price that is literally unmaintainable. All models will have to use token-based pricing and that's when you'll see what it actually costs (spoiler alert, it's a fuckton of money). This awful technology is also why a lot of tech is getting increasingly expensive.
Not to mention that for these models to exist, all of these companies stole unfathomable amounts of data and caused chaos in the job market. Aaron Swartz's life was turned into hell for much less.
You're literally defending a product that's enshittifying your life. It's absolutely moronic.