this post was submitted on 05 Jul 2026
9 points (84.6% liked)

cybersecurity

6301 readers
39 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 3 years ago
MODERATORS
 

CVE-2026-43456 is a local privilege escalation vulnerability in the Linux kernel caused by a flaw in the bonding driver that can lead to use-after-free conditions during interface teardown and state transitions. Under the right conditions, a local attacker can leverage the race to obtain root privileges.

top 3 comments
sorted by: hot top controversial new old
[–] poinck@lemmy.world 7 points 2 days ago* (last edited 2 days ago) (1 children)

This is already been fixed in Debian stable with linux-6.12.86-1:

https://security-tracker.debian.org/tracker/CVE-2026-43456

[–] UnLocoPoco@lemmy.world 5 points 2 days ago

Yup just a PSA to get patched asap

[–] tribut@infosec.pub 1 points 2 days ago

Except it does not actually appear on CISA's KEV list?

https://www.cisa.gov/known-exploited-vulnerabilities-catalog