Just one character could be enough for hackers to hijack your Linux kernel

A logic inversion bug in the Linux kernel (CVE‑2026‑23111) allowed local escalation of privilege
Major distributions affected, including Debian, Ubuntu and RHEL; patches deployed unevenly
The discovery adds to the rise of recent Linux LPEs as maintainers face an overload of AI-driven bug reports

A single stray character present in the Linux kernel created a logic inversion bug that allowed privilege escalation, leading to a (theoretical) complete takeover of the device.

The bug was discovered in early 2025 by security researcher Oliver Sieber of Exodus Intelligence, who later demonstrated a fully working local root exploit, and is now tracked as CVE-2026-23111 and receives a severity score of 7.8/10 (high).

According to TheHackerNewsThe vulnerability is related to the upstream Linux kernel, which means it can affect many distributions that shipped a vulnerable kernel version. Specifically, Debian (Bookworm and Trixie, and in some cases Bullseye), Ubuntu (22.04 LTS, 24.04 LTS, and 25.10), and Red Hat Enterprise Linux 10 (RHEL 10) have been confirmed to have been affected – with SUSE and Amazon Linux also being tracked or affected in general.

Several kernel flaws discovered

The caveat here is that a system is only exposed if it has a vulnerable kernel version (before the patch), nf_tables enabled, and unprivileged user namespaces enabled.

In the weeks and months following the disclosure, some retail executives proposed a fix. Ubuntu, for example, now has patches for 22.04, 24.04 and 25.10, while Debian has fixed Bookworm and Trixie. There is also a 6.1 backport for Bullseye LTS. Red Hat, SUSE and Amazon Linux don’t seem to have fixed it yet.

It’s been an eventful few weeks for the Linux kernel, as researchers discovered several local root vulnerabilities. Copy Fail, Dirty Frag, Fragnesia, DirtyDecrypt, are just some of the major vulnerabilities discovered and fixed in recent times.

At the same time, Linux Torvalds, the father of Linux, said the project’s security mailing list had become “almost entirely unmanageable” because of researchers using AI to find bugs, sending duplicate reports, essentially via DDoS, to those working to fix them.