Researchers disclosed a public proof-of-concept for PinTheft, a recently patched Linux local privilege-escalation flaw in the kernel's RDS zerocopy send path that can yield root on Arch Linux systems. The bug has not yet received a CVE ID. Exploitation requires the RDS module to be loaded, io_uring enabled, and other specific conditions; Arch is reportedly the only common distro tested with RDS enabled by default.
Why it matters: Public exploit code raises the risk of real-world abuse on exposed systems, especially where patching lags. Defenders should prioritize kernel updates or disable/unload the RDS modules as a mitigation.
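A defender-side check for the preconditions named above (RDS module loaded, io_uring enabled), added here as an example and not taken from the article or the researchers. It assumes the standard `kernel.io_uring_disabled` sysctl and a modprobe.d `install` override as the disable mechanism, neither of which the article names; the verdict labels are invented for this example.

```shell
#!/bin/sh
# Added example (not from the article): checks the two preconditions the
# summary names, RDS modules loaded and io_uring enabled, plus whether an
# install override keeps the rds module from being loaded.

# rds_loaded FILE: list RDS-family modules in a /proc/modules-format file.
rds_loaded() {
    awk '$1 ~ /^rds(_|$)/ { out = out (out ? " " : "") $1 } END { print out }' "$1"
}

# rds_blocked DIR: true if a modprobe.d file replaces loading rds with a no-op.
rds_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/(false|true)' "$1"/*.conf
}

# assess MODULES_FILE IO_URING_SYSCTL_FILE MODPROBE_DIR: print one verdict.
# kernel.io_uring_disabled: 0 = enabled, 1 = unprivileged use off, 2 = off.
# Anything but 2 is counted as enabled; a missing file reads as "unknown".
assess() {
    loaded=$(rds_loaded "$1")
    uring=$(cat "$2" 2>/dev/null || echo unknown)
    if [ -n "$loaded" ] && [ "$uring" != 2 ]; then
        echo "EXPOSED: loaded=[$loaded] io_uring_disabled=$uring"
    elif [ -z "$loaded" ] && ! rds_blocked "$3"; then
        echo "LOADABLE: rds not loaded, no install override, io_uring_disabled=$uring"
    else
        echo "PRECONDITIONS_UNMET: loaded=[$loaded] io_uring_disabled=$uring"
    fi
}

# Live check on this host when run with --live.
if [ "${1:-}" = "--live" ]; then
    assess /proc/modules /proc/sys/kernel/io_uring_disabled /etc/modprobe.d
fi
```

A `PRECONDITIONS_UNMET` verdict only reflects these two settings; the kernel update remains the fix.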
Sergiu Gatlan
2026.05.20