<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Linux on CuraSec</title><link>https://curasec.metacog.co.kr/tags/linux/</link><description>Recent content in Linux on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/linux/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-3888: Snap LPE Flaw Allows Local Root Escalation</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-cve-2026-3888-important-snap-flaw-enables-local-privilege-es/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-cve-2026-3888-important-snap-flaw-enables-local-privilege-es/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Plan:&lt;/strong> A public PoC exists for this local privilege escalation in snapd, but EPSS is near zero and it&amp;rsquo;s not KEV-listed, suggesting no active exploitation yet. Patch snapd to the fixed version on Linux systems running Snap packages, prioritizing multi-tenant or shared-access environments where local users are less trusted.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> LPE vulnerabilities with a public PoC are worth noting as a post-compromise escalation path, but there&amp;rsquo;s no active exploitation campaign or detection-specific IOCs here — patching is the engineer&amp;rsquo;s call.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-3888 — CISA KEV: not listed, EPSS 0.00, public PoC on GitHub&lt;/li>
&lt;/ul></description></item><item><title>GNU IFUNC mechanism enabled XZ Utils backdoor CVE-2024-3094</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-gnu-ifunc-is-the-real-culprit-behind-cve-2024-3094/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-gnu-ifunc-is-the-real-culprit-behind-cve-2024-3094/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Learn:&lt;/strong> This analysis reframes the XZ Utils backdoor as enabled by GNU IFUNC&amp;rsquo;s ability to redirect function pointers at load time — a systemic linker-level risk worth understanding when auditing build toolchains and open-source dependencies, though no new patch action is required beyond what was already addressed in 2024.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> Provides deeper technical context on the XZ backdoor mechanism but surfaces no new IOCs or detection opportunities beyond those established in 2024; useful background for triage judgment on future supply-chain incidents.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2024-3094 — CISA KEV: not listed, EPSS 0.86, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>