Details About a Critical 9.9 Vulnerability That Affects All GNU/Linux Systems are About to be Released

A highly critical vulnerability affecting GNU/Linux systems, rated 9.9 on the Common Vulnerability Scoring System (CVSS), is set to be publicly revealed by security researcher Simone Margaritelli. This unauthenticated remote code execution (RCE) flaw, which may also affect other systems, has been present for over a decade. Despite Margaritelli's disclosure to developers three weeks ago, no patch or fix has been released.

Margaritelli plans to disclose full technical details, including a proof-of-concept exploit, by September 30. The vulnerability is notable for its low exploitation complexity, making it particularly dangerous. Security experts, such as Sonatype CTO Brian Fox, have highlighted the massive potential impact, as many core systems, from Wi-Fi routers to critical infrastructure, rely on Linux.

Though the bug has not yet received a formal CVE, Margaritelli believes multiple CVEs should be assigned. Canonical and Red Hat have both confirmed the 9.9 severity of the flaw. With the upcoming disclosure, security teams are urged to prepare for possible exploits, as the scope and severity of this vulnerability could lead to widespread consequences.
