<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Kernel-Security on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/kernel-security/</link><description>Recent content in Kernel-Security on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 17 Jun 2026 12:55:58 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/kernel-security/index.xml" rel="self" type="application/rss+xml"/><item><title>OpenBSD Let Attackers Log In With an Empty Password for 27 Years</title><link>https://hackingpassion.com/openbsd-pap-empty-password-bypass/</link><pubDate>Wed, 17 Jun 2026 12:55:58 +0200</pubDate><guid>https://hackingpassion.com/openbsd-pap-empty-password-bypass/</guid><description>&lt;p>A 27-year-old flaw in &lt;strong>OpenBSD&lt;/strong> let attackers bypass its &lt;strong>PPP&lt;/strong> login with nothing more than an empty username and an empty password.
Handed a blank name and a blank password, a vulnerable system's own login check treated that as a perfect match and let the connection in.&lt;/p>
&lt;p>The problem sits in the part of OpenBSD that handles &lt;strong>PPP&lt;/strong>, the protocol behind many DSL and fiber connections, usually carried through &lt;strong>PPPoE&lt;/strong>. When two machines set up that kind of link, one side can ask the other to prove who it is. One of the older ways to do that is &lt;strong>PAP&lt;/strong>, the Password Authentication Protocol. One machine sends a name and a password, the other checks them against what it has stored, and if they match the link comes up.&lt;/p></description></item><item><title>ssh-keysign-pwn Lets Any Linux User Steal SSH Keys and Password Hashes Without Root</title><link>https://hackingpassion.com/ssh-keysign-pwn-cve-2026-46333/</link><pubDate>Sat, 16 May 2026 11:50:16 +0200</pubDate><guid>https://hackingpassion.com/ssh-keysign-pwn-cve-2026-46333/</guid><description>&lt;p>&lt;strong>ssh-keysign-pwn&lt;/strong> is a newly disclosed Linux kernel vulnerability that gives any unprivileged local user direct access to the SSH host private keys of a server and every password hash stored on the system. It was reported on &lt;strong>May 14, 2026&lt;/strong>, and a working exploit was on GitHub within hours of the patch landing.&lt;/p>
&lt;p>The bug lives in a piece of kernel code called &lt;code>__ptrace_may_access()&lt;/code>. This is the security check the kernel runs every time one program wants to look inside another program: reading its memory, accessing its open files. The kernel runs this check and asks: is this target process marked as safe to inspect, and does the caller have the right to do this? If either answer is no, access is denied. That is how it is supposed to work.&lt;/p></description></item><item><title>Dirty Frag Gives Root Access on Every Major Linux Distribution</title><link>https://hackingpassion.com/dirty-frag-linux-root/</link><pubDate>Fri, 08 May 2026 10:24:54 +0200</pubDate><guid>https://hackingpassion.com/dirty-frag-linux-root/</guid><description>&lt;p>A new Linux zero-day called &lt;strong>Dirty Frag&lt;/strong> gives any local user full root access on every major Linux distribution, and right now no distribution has a patched kernel available. The researcher planned to give distributions until May 12 to prepare. Someone leaked the exploit five days early, and it went public before a single distribution had a fix ready.&lt;/p>
&lt;p>&lt;strong>Hyunwoo Kim&lt;/strong> (@v4bel) found both vulnerabilities and quietly reported them to the Linux kernel security team at the end of April, including working exploits and patches. The plan was to give Linux distributions until May 12 to prepare fixes before anything went public. On May 7, he told the group of distribution maintainers about it and set that five-day hold in motion. That same day, someone else published the exploit online. The agreement was clear: if that happened, everything would go public immediately. Kim released the full details within hours. Two CVEs have since been assigned: &lt;strong>CVE-2026-43284&lt;/strong> for the IPsec variant, which now has a patch in the kernel mainline, and &lt;strong>CVE-2026-43500&lt;/strong> for the RxRPC variant, which has no patch anywhere yet. How the exploit got out early is still unknown. The patch for the IPsec bug had been sitting on a public kernel mailing list since April 30, so someone paying close attention to kernel development could have spotted it there. Or someone inside the distribution group leaked it. Nobody knows.&lt;/p></description></item><item><title>Copy Fail CVE-2026-31431: Nine Years of Root Access Hidden in the Linux Kernel</title><link>https://hackingpassion.com/copy-fail-linux-kernel-cve-2026-31431/</link><pubDate>Thu, 30 Apr 2026 13:13:08 +0200</pubDate><guid>https://hackingpassion.com/copy-fail-linux-kernel-cve-2026-31431/</guid><description>&lt;p>Since 2017, every major Linux distribution has been shipping a flaw that hands root access to any local user. The exploit is a &lt;strong>732-byte Python script&lt;/strong> that uses only what comes built into Python by default. It works on &lt;strong>Ubuntu, Amazon Linux, RHEL, and SUSE&lt;/strong> without a single modification, leaves nothing on disk, and bypasses almost every file integrity monitoring tool in existence, because the file it corrupts is never actually written to.&lt;/p></description></item></channel></rss>