- Logic inversion flaw in the Linux kernel (CVE-2026-23111) enabled local privilege escalation
- Affected major distributions including Debian, Ubuntu and RHEL; fixes are rolling out unevenly
- Discovery adds to surge in recent Linux LPEs as maintainers grapple with AI-driven bug report overload
A single stray character sitting in the Linux kernel created a logical inversion flaw that allowed privilege escalation, leading to a (theoretically) full device takeover.
The flaw was discovered in early 2025 by security researcher Oliver Sieber of Exodus Intelligence, who later demonstrated a fully working local root exploit. It is now tracked as CVE-2026-23111 and has been given a severity score of 7.8/10 (high).
According to The Hacker News, the vulnerability is in the upstream Linux kernel, meaning it could affect many distributions that shipped a vulnerable kernel build. Specifically, Debian (Bookworm and Trixie, and in some cases Bullseye), Ubuntu (22.04 LTS, 24.04 LTS and 25.10) and Red Hat Enterprise Linux 10 (RHEL 10) were confirmed to be affected – with SUSE and Amazon Linux also being tracked or generally affected.
Several kernel bugs discovered
The caveat here is that a system is only exposed if it runs a vulnerable kernel version (before the patch), nf_tables is enabled, and unprivileged user namespaces are enabled.
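A triage sketch for the two exposure conditions above that can be checked locally, as an added example (not from the original article or any distribution's tooling). The optional root prefix and the `ROOT`/`KREL` variable names are assumptions of this example; the fixed kernel version is not given here and has to come from the distribution's advisory.

```shell
#!/bin/sh
# Added example: report the two locally checkable exposure conditions.
# An optional root prefix lets the checks run against a copied or
# constructed /proc and /lib/modules tree instead of the live system.

# Print the first line of a sysctl file, or a default if the file is absent.
sysctl_val() {
    if [ -r "$1" ]; then head -n 1 "$1"; else echo "$2"; fi
}

# Prints: disabled | restricted | enabled
userns_state() {
    sys="${1:-}/proc/sys"
    # Upstream limit: 0 means nobody can create user namespaces.
    [ "$(sysctl_val "$sys/user/max_user_namespaces" 1)" = 0 ] && { echo disabled; return; }
    # Debian/Ubuntu kernel switch; absent on other kernels.
    [ "$(sysctl_val "$sys/kernel/unprivileged_userns_clone" 1)" = 0 ] && { echo disabled; return; }
    # Ubuntu AppArmor policy: only programs allowed by a profile may use them.
    [ "$(sysctl_val "$sys/kernel/apparmor_restrict_unprivileged_userns" 0)" = 1 ] && { echo restricted; return; }
    echo enabled
}

# Prints: loaded | builtin | loadable | absent
nft_state() {
    root="${1:-}"; mods="$root/lib/modules/${2:-$(uname -r)}"
    if grep -q '^nf_tables ' "$root/proc/modules" 2>/dev/null; then echo loaded
    elif grep -q '/nf_tables\.ko' "$mods/modules.builtin" 2>/dev/null; then echo builtin
    elif grep -q '/nf_tables\.ko' "$mods/modules.dep" 2>/dev/null; then echo loadable
    else echo absent
    fi
}

# Combine both checks. The kernel version itself must be compared with
# the distribution's advisory for CVE-2026-23111.
exposure() {
    u=$(userns_state "${1:-}"); n=$(nft_state "${1:-}" "${2:-}")
    if [ "$u" = disabled ] || [ "$n" = absent ]; then
        echo "preconditions-unmet userns=$u nf_tables=$n"
    else
        echo "check-kernel-version userns=$u nf_tables=$n"
    fi
}

# Live system by default; ROOT and KREL are this example's own variables.
exposure "${ROOT:-}" "${KREL:-}"
```

A result of `loadable` is treated like `loaded` because the kernel can load the module on demand; the script does not inspect modprobe configuration that might block that.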
In the weeks and months after publication, some distro maintainers came forward with a fix. For example, Ubuntu now has fixes for 22.04, 24.04 and 25.10, while Debian fixed Bookworm and Trixie. There is also a 6.1 backport for Bullseye LTS. Red Hat, SUSE and Amazon Linux don’t seem to have fixed it yet.
It’s been an eventful few weeks for the Linux kernel as researchers discovered several local root vulnerabilities. Copy Fail, Dirty Frag, Fragnesia and DirtyDecrypt are just some of the major vulnerabilities that were discovered and fixed in recent times.
At the same time, Linux all-father Linus Torvalds said the project’s security mailing list has become “almost completely unmanageable” due to researchers using AI to find bugs and submitting duplicate reports, essentially DDoSing those working to actually address them.




