
OpenSSH “regreSSHion” RCE with root privileges (CVE-2024-6387). The vulnerability was discovered by Qualys. An unauthenticated remote attacker can execute arbitrary code as root. It sounds creepy.
This vulnerability is a regression of CVE-2006-5051. For that one, by the way, there are no signs of exploitation in the wild and no exploits.
The regression happened in October 2020, starting with OpenSSH version 8.5p1.
“glibc-based Linux systems” in the default configuration are vulnerable; OpenBSD is not vulnerable.
There are 14 million potentially vulnerable hosts on the Internet.
Qualys promises not to publish the exploit, but third-party researchers can write one based on the detailed write-up.
Vulnerable versions:
OpenSSH < 4.4p1
8.5p1 <= OpenSSH < 9.8p1
Invulnerable versions:
4.4p1 <= OpenSSH < 8.5p1
OpenSSH >= 9.8p1
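
A triage sketch for the version ranges above, added here as an example (it is not code from Qualys or OpenSSH): it parses the version out of an SSH banner and reports which range it falls in. The function names and the sample banners are constructed for illustration. A banner version is only a first signal, since distributions often backport fixes without changing the upstream version string.

```python
import re

# Boundaries taken from the version lists above,
# as (major, minor, micro, portable) tuples.
FIXED_2006 = (4, 4, 0, 1)   # 4.4p1: first version outside the old vulnerable range
REGRESSED = (8, 5, 0, 1)    # 8.5p1: regression introduced
FIXED_2024 = (9, 8, 0, 1)   # 9.8p1: first version outside the new vulnerable range

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, portable) from an SSH banner, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    # Assumption: a missing micro or "pN" component is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(banner):
    """Map a banner to 'vulnerable-range', 'not-vulnerable-range' or 'unknown'."""
    v = parse_version(banner)
    if v is None:
        return "unknown"  # not OpenSSH, or a version string we cannot parse
    if v < FIXED_2006 or REGRESSED <= v < FIXED_2024:
        return "vulnerable-range"
    return "not-vulnerable-range"


# Constructed sample banners (not taken from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-1.99-OpenSSH_3.9p1",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(f"{classify(b):22} {b}")
```

Hosts reported in a vulnerable range still need a check of the installed package against the vendor advisory before they are counted as exposed.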
Upd. Attacking a 32-bit system with ASLR in laboratory conditions took 6-8 hours. Apparently the process is not so easy.

Hi! My name is Alexander and I am a Vulnerability Management specialist.