Skip to main content

A serious Linux privilege-escalation bug has been in the wild for nine years

There’s a Linux vulnerability in the wild that’s apparently been residing in just about every Linux version for the last nine years, and Linux users will want to install a patch as soon as possible.

The exploit is titled CVE-2016-5195, and it’s a privilege-escalation bug as opposed to a code-execution vulnerability, as Ars Technica reports. That makes it theoretically less serious, but nevertheless, researchers aren’t taking it lightly. In part, it’s considered a serious threat because it resides in a Linux kernel section that’s used by almost all Linux distributions. And the bug is apparently being actively used by malicious parties in the real world.

Recommended Videos

According to Dan Rosenberg, senior researcher at Azimuth Security, “It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” As of right now, Linux distributions are in various stages of receiving patches, after an official patch was developed by the official Linux kernel maintainers.

The exploit in question is one that can allow an attacker to gain greater levels of control over a targeted machine. For example, a user with otherwise limited access to a web-hosting provider’s server can use the exploit to gain deeper shell access, and then leverage that access to attack other users of the server or even server admins. Privilege-escalation vulnerabilities can also be combined with other exploits, such as SQL injection bugs, to run malicious code that they would normally be unable to execute.

Linux developer Phil Oester was the first to discover the bug, as indicated on a site that provides more information on the exploit. For now, you’ll want to check in with the maintainers of your particular Linux distribution and see if a patch is available. If it is, then you’ll want to apply it immediately to avoid seeing your Linux system suffer an attack.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
A coding blunder just ruined a moment of joy for lottery winners
Eurojackpot lottery slips.

Imagine the joy of being notified of a huge lottery win. What would be the first thing you’d do? Get the champagne in? Book a fancy vacation? Call your boss and tell him where to go?

And then imagine being informed that the notification had, in fact, been sent in error. Well, you can always send the booze back and cancel the holiday, but trying to convince your boss that you were just joking ... well, that may be a bigger challenge.

Read more
This TP-Link Wi-Fi 6 router is 45% off in early Prime Day deal
The TP-Link AX1800 Archer AX21 Wi-FI 6 Router on a white background.

If you're planning to buy a new router to improve your home's Wi-Fi network, the good news is that you don't have to wait for Prime Day 2025 to take advantage of huge discounts on router deals from Amazon. Here's an excellent offer — the TP-Link Archer AX21 with an eye-catching 45% discount, which drops its price from $100 to just $55. The $45 in savings will only be available for a limited time though, so you better act fast and proceed with your purchase immediately as this early Prime Day deal may disappear at any moment.

Buy Now

Read more
Watch these AI humanoid robots play soccer like Mbappé … sort of
Humanoid robots playing soccer.

Watching these humanoid robots battle it out on the soccer field, you quickly realize that Kylian Mbappé and his fellow professionals really have little to worry about. At least, for now.

The footage (top) was captured last week in Beijing at the RoBoLeague World Robot Soccer League, China's first-ever three-on-three humanoid robot soccer league.

Read more