About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability. It affects the Linux HFSC network scheduler module. An authenticated attacker can exploit this flaw to gain root privileges.

⚙️ This vulnerability is from the June Linux Patch Wednesday. In the Vulristics report, it was no different from 354 other Linux Kernel vulnerabilities: the NVD provides a lengthy description that doesn’t clearly indicate the real-world impact of exploitation, and there is no CVSS vector. Classic. 🙄

🛠 About a month after the updates were released in Linux distributions, on July 11, a write-up and a public exploit for this vulnerability were published. In a demo video, a local attacker downloads and executes a binary,after which he obtains a root shell and reads the contents of /etc/shadow. The release of this exploit barely attracted attention on specialized media platforms. 🤷‍♂️

👾 So far, there are no reports of this flaw being exploited in the wild.

На русском