CVE-2026-23111: One Typo Gives Full Root Access on Linux

A single misplaced exclamation mark in the Linux kernel's nf_tables subsystem is all it took to create CVE-2026-23111 — a high-severity use-after-free vulnerability that lets any unprivileged local user escalate to root and escape containers. Working exploits are already public and have been demonstrated on Ubuntu 24.04 LTS, Debian, and RHEL 10.

In this video, we break down exactly how the bug works, why user namespaces are the attack path, and what you need to do right now to protect your systems. We also cover the massive wave of core service patches this week — Samba, OpenSSL, Apache, BIND DNS, and Kubernetes — and give a quick update on the Gogs zero-day that is still unpatched after ten weeks of vendor silence.

CHAPTERS:
00:00 — The Typo That Broke Linux
00:52 — How the nf_tables Exploit Works
02:02 — User Namespaces: The Attack Path
03:02 — Mitigation and the LPE Surge
04:05 — Core Service Updates: Samba, OpenSSL, Apache
05:35 — Gogs Zero-Day Update and Outro

PATCH COMMANDS:

Ubuntu / Debian:
sudo apt update && sudo apt dist-upgrade
sudo reboot

RHEL / AlmaLinux / Rocky Linux:
sudo dnf clean metadata && sudo dnf upgrade
sudo reboot

Restrict unprivileged user namespaces (interim mitigation):
sudo sysctl -w kernel.unprivileged_userns_clone=0
echo "kernel.unprivileged_userns_clone=0" | sudo tee /etc/sysctl.d/99-cve-2026-23111.conf

OFFICIAL ADVISORIES:
NVD CVE-2026-23111: https://nvd.nist.gov/vuln/detail/CVE-...
Exodus Intelligence Technical Writeup: https://blog.exodusintel.com/2026/06/...
Ubuntu USN-8426-1: https://ubuntu.com/security/notices/U...
Upstream kernel fix: https://git.kernel.org/pub/scm/linux/...
Gogs migration guide (Gitea): https://docs.gitea.com/installation/m...

LINKS:
Weekly newsletter: https://tondoeslinux.com/subscribe
CISA KEV Catalog: https://www.cisa.gov/known-exploited-...
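
To confirm that the interim mitigation listed under PATCH COMMANDS took effect and will survive a reboot, the following added example (not from the video or its author) reads the runtime value and looks for the sysctl.d drop-in. The function names and the PROC_SYS/SYSCTL_D overrides are assumptions; kernel.unprivileged_userns_clone is a Debian/Ubuntu kernel knob, so the script also reads the upstream user.max_user_namespaces limit, which the page does not mention.

```shell
#!/bin/sh
# Added example: check that the interim user-namespace restriction is active.
# PROC_SYS and SYSCTL_D are hypothetical overrides so the checks can be run
# against a constructed directory tree instead of the live system.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYSCTL_D="${SYSCTL_D:-/etc/sysctl.d}"

# Print a knob's value with whitespace stripped; print nothing if it is absent.
read_knob() {
    [ -r "$PROC_SYS/$1" ] && tr -d '[:space:]' < "$PROC_SYS/$1"
    return 0
}

# Runtime state: "restricted" if either knob is 0, "unknown" if this kernel
# exposes neither knob, otherwise "open".
userns_runtime_state() {
    clone=$(read_knob kernel/unprivileged_userns_clone)  # sysctl from the page
    max=$(read_knob user/max_user_namespaces)            # upstream limit, not on the page
    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo restricted
    elif [ -z "$clone" ] && [ -z "$max" ]; then
        echo unknown
    else
        echo open
    fi
}

# Persistence: succeeds if a sysctl.d drop-in sets the page's knob to 0,
# so the restriction survives a reboot. Commented-out lines do not count.
userns_persisted() {
    grep -Eqs '^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*0[[:space:]]*$' \
        "$SYSCTL_D"/*.conf
}

# One-line summary, e.g. "runtime=restricted persisted=yes".
userns_report() {
    state=$(userns_runtime_state)
    if userns_persisted; then persisted=yes; else persisted=no; fi
    echo "runtime=$state persisted=$persisted"
}

userns_report
```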