PinTheft is the name of a new privilege escalation vulnerability in Linux that already has a working public exploit and is generating concern among administrators and cybersecurity experts. The flaw affects the Reliable Datagram Sockets (RDS) subsystem of the kernel and allows a local attacker to gain root privileges on vulnerable systems.
The problem was identified by the V12 research team and, although it does not yet have an official CVE identifier, a patch is already available to fix it. The researchers explain that the exploit takes advantage of a double-free vulnerability in the RDS "zerocopy" path, combining it with io_uring to overwrite the system page cache. According to the experts, the greatest risk is currently concentrated in Arch Linux, since this distribution loads by default the RDS module needed to exploit the vulnerability.
PinTheft and the growing problem of privilege escalation in Linux
The emergence of PinTheft adds to a series of local privilege escalation vulnerabilities that have affected the Linux kernel in recent months. Cases such as Dirty Frag, Fragnesia or Copy Fail had already shown that this type of flaw can quickly become a real threat once PoC code is published and made accessible to the community.
In the specific case of PinTheft, exploitation requires several conditions to hold at once: the RDS module must be loaded, io_uring must be enabled, and an accessible SUID binary must exist on the system. This significantly reduces the attack surface compared to other similar vulnerabilities, although experts warn that Arch Linux meets several of these requirements by default.
Researchers recommend updating the kernel to a patched version immediately. For those unable to apply the patch right away, a temporary workaround has also been proposed: disabling the RDS modules and blocking them from being loaded, using modprobe configuration.
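A shell rendering of the modprobe workaround described above, together with a check of the loaded-module precondition. This is an added example, not code from the researchers or from any distribution; the drop-in file path, the rds_tcp/rds_rdma companion module names and the io_uring sysctl check are assumptions that go beyond what the article states.

```shell
#!/bin/sh
# Added example (not from the article): generate the modprobe drop-in for the
# RDS workaround and audit the kernel-side preconditions the article lists.
# Drop-in path and companion module names (rds_tcp, rds_rdma) are assumptions.

# Emit drop-in content. "install <mod> /bin/false" makes every load attempt
# fail, including autoload when a program opens an RDS socket; a bare
# "blacklist" line only stops alias-based autoload, so both are written.
rds_modprobe_conf() {
    for m in rds rds_tcp rds_rdma; do
        printf 'install %s /bin/false\nblacklist %s\n' "$m" "$m"
    done
}

# Return 0 when an RDS module appears in lsmod-style output read from stdin.
rds_loaded_in() {
    awk 'BEGIN { found = 1 }
         $1 ~ /^rds(_tcp|_rdma)?$/ { found = 0 }
         END { exit found }'
}

# Live check of the two kernel-side preconditions named in the article.
audit_rds() {
    if lsmod | rds_loaded_in; then
        echo "rds: LOADED (workaround not yet effective; rmmod once unused)"
    else
        echo "rds: not loaded"
    fi
    # kernel.io_uring_disabled exists since Linux 6.6: 0 = enabled,
    # 2 = disabled for all users. Its absence means an older kernel.
    state=$(sysctl -n kernel.io_uring_disabled 2>/dev/null \
            || echo "sysctl absent (io_uring enabled)")
    echo "kernel.io_uring_disabled: $state"
}

# Usage on a host (as root), path is an assumption:
#   rds_modprobe_conf > /etc/modprobe.d/disable-rds.conf && audit_rds
```

The drop-in takes effect for future load attempts only; a module that is already loaded must still be removed with rmmod once nothing is using it.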
The publication of working exploits for Linux vulnerabilities is increasing the pressure on administrators and security teams, especially in multi-user environments, shared servers, or critical infrastructures where a local escalation can quickly turn into a total system compromise.