Linux kernel hit by a second severe vulnerability in two weeks; production patches now rolling out

Linux administrators have been pushed into action again by a second severe kernel vulnerability inside two weeks. According to Ars Technica, patches for production kernel versions are now rolling out and system administrators are urging prompt installation.
The new vulnerability is tracked as CVE-2026-3471 and allows remote code execution in the kernel's TCP stack. Because the attacker's code runs in kernel context, a successful exploit gives root-equivalent control of the target system. It is being described as one of the most critical kernel vulnerabilities of the last decade, and its CVSSv3 base score is 9.8 out of 10.
It follows CVE-2026-3201, recorded two weeks ago, which allowed local privilege escalation through abuse of kgss. The two vulnerabilities are independent and sit in different subsystems: the first in file-system code, the second in the network stack.
According to sources, CVE-2026-3471 was disclosed privately to the Linux kernel maintainers three weeks ago. The researcher who reported it is Mateusz Jurczyk of Google Project Zero. Merging of the fix into the mainline and stable trees was completed this week, and the stable releases that carry it (6.14.5, 6.16.2, 6.17.1) have been published.
Affected versions include every kernel newer than 5.10 LTS. That covers the kernels shipped with RHEL 9, Ubuntu 22.04 LTS, Debian 12 and other major distributions. Red Hat has announced patches across its product family; Canonical (Ubuntu) and Debian's security teams have moved updated packages into their repositories. Note that distribution kernels receive the fix as a backport without changing the upstream version number, so for them the package version and the vendor advisory, not the version reported by uname, indicate whether a machine is patched.
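As an added example (not code from the article, from Ars Technica or from any distribution's tooling), the following POSIX shell script turns the version facts quoted above into a quick triage check: it reads a kernel release string such as the output of `uname -r`, decides whether the series is in the affected range (newer than 5.10 LTS), and, for the three series with a published fixed release, whether the running version is at or past it. The reading of "after 5.10 LTS" as "series newer than 5.10", the distro-kernel name patterns and the "check-vendor-advisory" outcome for series the article lists no fixed release for are this example's assumptions, not statements from the page.

```sh
#!/bin/sh
# Added example; not code from the article or from any distribution's tooling.
# Classifies a kernel version string (the output of `uname -r`) against the
# facts given above: affected = newer than 5.10 LTS, fixed stable releases
# 6.14.5, 6.16.2 and 6.17.1.
#
# Assumptions not stated on the page:
#   - "after 5.10 LTS" is read as "series newer than 5.10", so 5.10.x itself
#     is treated as not affected;
#   - a series with no listed fixed release (6.1.x, 6.6.x, 6.12.x, ...) cannot
#     be judged from the version number alone;
#   - kernels whose release string looks distribution-built (RHEL ".elN",
#     Debian/Ubuntu "-generic", "-amd64", ...) get fixes backported without an
#     upstream version bump, so their version number proves nothing either.

FIXED_RELEASES="6.14.5 6.16.2 6.17.1"

# numeric_triplet "6.16.1-arch1-1" -> "6 16 1"; missing fields become 0
numeric_triplet() {
    v=$(printf '%s\n' "$1" | sed -e 's/^\([0-9][0-9.]*\).*/\1/')
    set -- $(printf '%s\n' "$v" | tr '.' ' ')
    printf '%s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}"
}

# ver_key VERSION -> integer that orders major.minor.patch correctly
# (patch levels are assumed to stay below 1000)
ver_key() {
    set -- $(numeric_triplet "$1")
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# kernel_status VERSION -> not-affected | vulnerable | patched | check-vendor-advisory
kernel_status() {
    ver=$1
    # Distribution-built kernels: the version string cannot answer the question.
    case "$ver" in
        *.el[0-9]*|*-generic|*-lowlatency|*-amd64|*-arm64|*-cloud-*)
            echo check-vendor-advisory; return ;;
    esac
    set -- $(numeric_triplet "$ver")
    major=$1; minor=$2
    # Series at or below 5.10 are outside the affected range (see assumption above).
    if [ $(( major * 1000 + minor )) -le 5010 ]; then
        echo not-affected; return
    fi
    # Series with a published fixed release: compare against it.
    for fixed in $FIXED_RELEASES; do
        if [ "${fixed%.*}" = "$major.$minor" ]; then
            if [ "$(ver_key "$ver")" -ge "$(ver_key "$fixed")" ]; then
                echo patched
            else
                echo vulnerable
            fi
            return
        fi
    done
    # Affected range, but no fixed release listed for this series.
    echo check-vendor-advisory
}

# Usage: report on the running kernel, or on a version passed as $1.
echo "${1:-$(uname -r)}: $(kernel_status "${1:-$(uname -r)}")"
```

The "check-vendor-advisory" outcome is the important one on fleet machines: a RHEL 9 host reports something like 5.14.0-427.13.1.el9_4.x86_64 before and after the backported fix, so the decisive check there is the package changelog (for example `rpm -q --changelog kernel | grep CVE-2026-3471` on RHEL, or `apt changelog linux-image-$(uname -r)` on Debian and Ubuntu) together with the distribution's own advisory, not an upstream version comparison. Remember also that a patched package is only effective after a reboot into the new kernel.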
Stable kernel maintainer Greg Kroah-Hartman wrote on the kernel mailing list: "Seeing two serious vulnerabilities back-to-back is unusual; we'll look into it." That may open a fresh debate in the kernel development community on how vulnerabilities are found and reported.
Earlier this year the Linux Foundation launched a security research programme called the Lockdown Project, intended to find vulnerabilities faster. The programme will scale up in autumn 2026 with an additional $8 million in funding. Google and AWS are among the main backers.
Security researcher Maddie Stone told the BBC: "The Linux kernel has seen a doubling of CVE numbers in the last four years. That is not necessarily a bad development; it means more researchers are looking at the kernel code. But moving to automated patch distribution is now becoming mandatory."
Major cloud providers have issued policy updates to ensure that customer machines are automatically patched. AWS recommended that EC2 customers schedule a reboot within 24 hours. Google Cloud reminded users that its automatic patcher is on by default. Microsoft Azure has scheduled maintenance windows for the weekend.
The Linux kernel runs the overwhelming majority of server software around the world: Gartner data put internet infrastructure at about 96% Linux. Kernel vulnerabilities therefore directly affect cloud services and millions of consumer devices, including Android phones. Patch distribution is now actively in progress; security teams tracking the issue say there is no evidence yet of widespread exploitation in the wild.