New PinTheft Vulnerability Exposes Arch Linux to Root Escalation Attacks

New PinTheft Vulnerability Exposes Arch Linux to Root Escalation Attacks

First seen 20 May 2026, 18:17 UTC BleepingcomputerCybersecuritynewsSecurityaffairs.CoGbhackersgithub.com 84% similarity 70.5

Article Content

Browse articles
ThreatCluster

A newly discovered Linux privilege escalation vulnerability, named PinTheft, allows local attackers to gain root access on Arch Linux systems by exploiting a flaw in the RDS subsystem. The vulnerability, identified by the V12 security team, involves a zerocopy double-free bug that can be exploited through a proof-of-concept (PoC) exploit released on May 20, 2026. This flaw requires specific conditions, including the RDS module being enabled, io_uring API support, and a readable SUID-root binary, limiting its attack surface. Users of Arch Linux are particularly at risk, as the RDS module is enabled by default on this distribution. Security experts recommend immediate kernel updates to mitigate the risk. The release of this exploit follows a trend of recent Linux local privilege escalation vulnerabilities, with several others disclosed in the past weeks. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued warnings regarding similar vulnerabilities being actively exploited. Organizations are urged to patch their systems promptly to prevent potential attacks.

Key Points: • PinTheft allows local attackers to escalate privileges to root on Arch Linux systems. • The vulnerability exploits a flaw in the RDS subsystem and requires specific conditions to be met. • Immediate kernel updates are recommended for Arch Linux users to mitigate the risk.

ThreatCluster AI

Timeline

2026-05-01
CISA adds Copy Fail to exploited vulnerabilities list
CISA reported that the Copy Fail vulnerability was actively exploited, urging agencies to secure Linux systems.
Bleepingcomputer
2026-05-20
PinTheft PoC exploit released
A proof-of-concept exploit for the PinTheft vulnerability was made public, allowing root access on Arch Linux.
Cybersecuritynews
2026-05-20
V12 security team discovers PinTheft
The V12 security team identified the PinTheft vulnerability in the RDS subsystem of the Linux kernel.
Securityaffairs.Co

Community

Browse all →