{"id":169001,"date":"2024-09-27T14:00:43","date_gmt":"2024-09-27T14:00:43","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=169001"},"modified":"2024-09-27T14:00:44","modified_gmt":"2024-09-27T14:00:44","slug":"cups-flaws-allow-rce-on-linux-systems","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/169001\/hacking\/cups-flaws-allow-rce-on-linux-systems.html","title":{"rendered":"CUPS flaws allow remote code execution on Linux systems under certain conditions"},"content":{"rendered":"
<\/div>\n

A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution.<\/h2>\n\n\n\n

The popular cybersecurity researcher Simone Margaritelli (@evilsocket<\/a>) disclosed technical details of an unpatched vulnerability impacting Linux systems.<\/p>\n\n\n\n

On September 23, Margaritelli announced plans to disclose, within two weeks, an unauthenticated remote code execution (RCE) vulnerability affecting all GNU\/Linux systems. The flaw was rated as critical and received a CVSS score of 9.9. Margaritelli expressed disappointment with the responsible disclosure process, explaining that despite his disclosure, no CVE had been assigned and, to make matters worse, no one was working to address the issue.<\/p>\n\n\n\n

“Devs are still arguing about whether or not some of the issues have a security impact. I’ve spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can’t accept that their code is crap – responsible disclosure: no more.” said the expert.<\/em><\/p>\n\n\n\n

\n

* Unauthenticated RCE vs all GNU\/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and\u2026
pic.twitter.com\/N2d1rm2VeR<\/a><\/p>— Simone Margaritelli (@evilsocket) September 23, 2024<\/a><\/blockquote>