Latest Linux Vulnerabilities Administrators Should Watch
Introduction
This article tracks recent high-severity Linux vulnerabilities that system administrators, DevOps engineers, and platform engineers should be aware of. It focuses on vulnerabilities that have confirmed patches, meaningful real-world impact, and clear remediation steps.
Each entry links to a dedicated article with full technical detail, affected versions, and patching instructions.
This page is updated as new significant vulnerabilities are confirmed from reliable sources.
Current High-Priority Vulnerabilities
CVE-2026-31431 — Linux Kernel Cryptographic Subsystem (Copy Fail)
| Field | Detail |
|---|---|
| Component | Linux kernel — algif_aead module |
| Severity | High (CVSS 7.8) |
| Impact | Local privilege escalation to root |
| Kernels affected | v4.x and later (since 2017) |
| CISA KEV | Yes — added May 1, 2026 |
| Patch available | Yes |
| Reboot required | Yes |
A use-after-free vulnerability in the kernel's AF_ALG socket interface allows a local unprivileged user to escalate privileges to root. This vulnerability was added to the CISA Known Exploited Vulnerabilities catalog, indicating confirmed active exploitation.
Immediate action: Patch the kernel on all affected systems. A temporary workaround exists via a kernel boot parameter.
Full article: CVE-2026-31431 Linux Kernel Privilege Escalation
CVE-2026-46333 — Linux Kernel ptrace Subsystem (Exit-Race)
| Field | Detail |
|---|---|
| Component | Linux kernel — ptrace subsystem (__ptrace_may_access()) |
| Severity | Critical |
| Impact | Local privilege escalation, /etc/shadow and SSH key disclosure |
| Kernels affected | v4.10-rc1 and later (since November 2016) |
| Patch available | Yes (upstream May 14, 2026) |
| Reboot required | Yes |
A race condition in the kernel ptrace path allows a local attacker to escalate to root and read sensitive credential files including /etc/shadow and SSH host private keys. Distribution patches are rolling out across RHEL, Debian, Ubuntu, and Fedora.
Immediate action: Apply the kernel patch as soon as it is available for your distribution. Monitor for distribution-specific advisories.
Full article: CVE-2026-46333 Linux Kernel ptrace Race Condition
CVE-2026-48095 — 7-Zip NTFS Heap Buffer Overflow
| Field | Detail |
|---|---|
| Component | 7-Zip NTFS archive parser |
| Affected version | 7-Zip 26.00 |
| Severity | High |
| Impact | Arbitrary code execution via crafted archive |
| Patch available | Yes — 7-Zip 26.01 |
| Reboot required | No |
A heap buffer overflow in 7-Zip's NTFS image handler can be triggered by a crafted archive file. Because multiple archive formats route to the NTFS parser, files with .7z, .zip, or .rar extensions can trigger this vulnerability.
Immediate action: Upgrade 7-Zip to version 26.01 or later.
Full article: 7-Zip Linux Vulnerabilities — What Administrators Should Know
CVE-2025-11001 and CVE-2025-11002 — 7-Zip Directory Traversal
| Field | Detail |
|---|---|
| Component | 7-Zip ZIP archive parser |
| Affected versions | Prior to 7-Zip 25.00 |
| Severity | High (CVSS 7.0) |
| Impact | Arbitrary file write via directory traversal |
| Patch available | Yes — 7-Zip 25.00+ |
| Reboot required | No |
Two directory traversal vulnerabilities in 7-Zip's ZIP handling allowed crafted archives to write files outside the intended extraction directory. Active exploitation was observed in the wild.
Full article: 7-Zip Linux Vulnerabilities — What Administrators Should Know
CVE-2024-11477 — 7-Zip Zstandard Decompression Integer Underflow
| Field | Detail |
|---|---|
| Component | 7-Zip Zstandard decompression |
| Affected versions | Prior to 7-Zip 24.07 |
| Severity | High (CVSS 7.8) |
| Impact | Remote code execution via crafted archive |
| Patch available | Yes — 7-Zip 24.07+ |
| Reboot required | No |
An integer underflow before a memory write in the Zstandard decompression implementation could allow remote code execution when processing a malicious archive.
Full article: 7-Zip Linux Vulnerabilities — What Administrators Should Know
How to Stay Current
Check for pending security updates — RHEL/Fedora/Rocky/AlmaLinux
```bash
sudo dnf updateinfo list security
```
Check for pending security updates — Ubuntu/Debian
```bash
sudo apt update
sudo apt list --upgradable
```
Check your running kernel version
```bash
uname -r
```
Check your OS release
```bash
cat /etc/os-release
```
Severity Reference
| CVSS Range | Label | Action |
|---|---|---|
| 9.0 – 10.0 | Critical | Patch immediately |
| 7.0 – 8.9 | High | Patch within 24–72 hours |
| 4.0 – 6.9 | Medium | Patch within standard maintenance window |
| 0.1 – 3.9 | Low | Patch at next opportunity |
Common Mistakes to Avoid
- Waiting for a perfect maintenance window for Critical or High kernel CVEs. Schedule an urgent patching window.
- Assuming containers are isolated from kernel vulnerabilities. Local privilege escalation in the kernel can affect containerised workloads on the same host.
- Not rebooting after a kernel patch. The new kernel only takes effect after a full reboot. Running `uname -r` will confirm whether the updated kernel is active.
- Assuming package managers automatically apply kernel security patches. Always verify with `dnf updateinfo` or `apt list --upgradable`.
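
The "patched but not rebooted" mistake above can be checked mechanically. The script below is an added example, not part of the original page: it compares `uname -r` with the newest kernel installed under `/lib/modules`. The function names are illustrative, and it assumes one module directory per installed kernel and GNU `sort -V` as an approximation of rpm/dpkg version ordering.

```bash
#!/bin/sh
# Added example: flag hosts that installed a patched kernel but still run the old one.
# Ordering uses GNU `sort -V`, an approximation of rpm/dpkg version comparison.

# Read kernel release strings on stdin (one per line); print the highest.
newest_kernel() {
    sort -V | tail -n 1
}

# List installed kernel releases (assumption: one directory each under /lib/modules).
installed_kernels() {
    moddir=${1:-/lib/modules}
    for d in "$moddir"/*/; do
        if [ -d "$d" ]; then basename "$d"; fi
    done
}

# reboot_pending RUNNING [INSTALLED...]
# Exit status 0 when some installed kernel sorts higher than RUNNING.
reboot_pending() {
    running=$1
    shift
    newest=$(printf '%s\n' "$running" "$@" | newest_kernel)
    [ "$newest" != "$running" ]
}

# Check the live host. /var/run/reboot-required is the flag file Debian and
# Ubuntu packages create when an installed update needs a restart.
check_host() {
    current=$(uname -r)
    # Word splitting of the kernel list is intended here.
    if reboot_pending "$current" $(installed_kernels) \
        || [ -f /var/run/reboot-required ]; then
        echo "REBOOT PENDING: running $current"
        return 1
    fi
    echo "OK: running $current is the newest installed kernel"
}

# Constructed sample: 6.8.0-101 is newer than 6.8.0-45, which plain string
# sorting would get wrong.
reboot_pending 6.8.0-45-generic 6.8.0-45-generic 6.8.0-101-generic \
    && echo "sample: reboot pending"

check_host || echo "-> schedule a reboot window"
```

On RHEL-family hosts, `needs-restarting -r` from dnf-utils reports the same condition and also covers updated core libraries.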
Related Guides
- CVE-2026-31431 Linux Kernel Privilege Escalation
- CVE-2026-46333 Linux Kernel ptrace Race Condition
- 7-Zip Linux Vulnerabilities
- Linux Patch Management Security
- DNF Security Updates