CentOS 9 Linux Kernel Vulnerability Enables Local Privilege Escalation to Root
A critical use-after-free (UAF) vulnerability in the Linux kernel's sch_cake queuing discipline (the CAKE qdisc) is reported to affect CentOS 9 (CentOS Stream 9) kernels and lets a local attacker escalate privileges to root. The flaw sits in the cake_enqueue function: when the packet buffer limit is exceeded and a packet is dropped, the function still returns NET_XMIT_SUCCESS, the code that tells the caller the packet was queued.
A parent classful qdisc such as HFSC trusts that return value, counts the packet as queued and updates its class state accordingly, so its bookkeeping drifts from what the child actually holds. When the parent later dequeues, it operates on queue and class state that no longer matches the child, and the resulting use-after-free lets an attacker execute arbitrary code in kernel context. Successful exploitation yields local privilege escalation (LPE) with full control of the system. Reaching cake_enqueue this way means attaching a CAKE qdisc under an HFSC parent with tc, which needs CAP_NET_ADMIN; on kernels where unprivileged user namespaces are enabled (the default on CentOS Stream 9) an ordinary local user typically obtains that capability inside a new user and network namespace, which is why this class of qdisc bug counts as an unprivileged LPE. The source does not say which path the published PoC takes.
The vulnerability affects CentOS 9 systems running a kernel without the fix; the source gives neither a CVE identifier nor the fixed kernel build, so confirm exposure against the distribution's own advisory rather than by kernel version alone. A proof-of-concept (PoC) exploit has been published, which raises the likelihood of active exploitation. Organizations running CentOS 9 should update to a patched kernel as soon as one is available and, until then, reduce exposure on hosts that do not need CAKE: prevent the sch_cake module from loading (an "install sch_cake /bin/false" line in a file under /etc/modprobe.d/, after checking with lsmod that the module is not already loaded, since a blocklist only stops future loads) and, where rootless containers and other user-namespace consumers can tolerate it, restrict unprivileged user namespaces through the user.max_user_namespaces sysctl.
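The accounting contract the summary describes, reduced to a userspace model as an added illustration (this is not kernel code and not the published PoC): a toy child qdisc with a four-packet buffer limit sits under a parent that counts packets the way a classful qdisc does, and the child either honours the enqueue return-code contract or misreports a drop as NET_XMIT_SUCCESS. The names child_qdisc, parent_qdisc, run_scenario and scenario_result are invented for this example; tree_reduce_backlog stands in for the kernel's qdisc_tree_reduce_backlog(). Only the counter desync is modelled, not the memory-safety consequence inside HFSC.

```c
#include <stdbool.h>
#include <stdio.h>

/* Enqueue return codes, values as in include/linux/netdevice.h. */
#define NET_XMIT_SUCCESS 0x00
#define NET_XMIT_DROP    0x01
#define NET_XMIT_CN      0x02
#define CHILD_LIMIT 4 /* buffer limit of the toy child qdisc, in packets */

struct child_qdisc {
	int qlen;         /* packets the child really holds */
	bool buggy;       /* report SUCCESS even though the arriving packet was dropped */
	bool drop_oldest; /* on overflow evict a queued packet instead of the new one */
	int *parent_qlen; /* ancestor counter that qdisc_tree_reduce_backlog() adjusts */
};

struct parent_qdisc {
	struct child_qdisc child;
	int qlen;         /* what the parent believes is queued below it (sch->q.qlen) */
};

/* Stand-in for qdisc_tree_reduce_backlog(): ancestors un-count n packets. */
static void tree_reduce_backlog(struct child_qdisc *c, int n) { *c->parent_qlen -= n; }

static int child_enqueue(struct child_qdisc *c)
{
	if (c->qlen < CHILD_LIMIT) { c->qlen++; return NET_XMIT_SUCCESS; }
	if (c->drop_oldest) {
		/* Evict one already-counted packet and accept the new one: length
		 * unchanged, ancestors corrected, so SUCCESS is honest here. */
		tree_reduce_backlog(c, 1);
		return NET_XMIT_SUCCESS;
	}
	/* Arriving packet dropped, nothing queued: the contract is a non-success
	 * code so the parent does not count it. The buggy variant breaks it. */
	return c->buggy ? NET_XMIT_SUCCESS : NET_XMIT_CN;
}

static bool child_dequeue(struct child_qdisc *c)
{
	if (c->qlen == 0) return false;
	c->qlen--;
	return true;
}

static int parent_enqueue(struct parent_qdisc *p)
{
	int ret = child_enqueue(&p->child);
	if (ret != NET_XMIT_SUCCESS) return ret; /* child dropped it: not ours to count */
	p->qlen++;                               /* child said "queued", so count it */
	return NET_XMIT_SUCCESS;
}

/* 1: a packet was dequeued; 0: parent and child agree nothing is queued;
 * -1: the parent believed a packet existed but the child had none. In the
 * kernel that last state is what HFSC's dequeue path is not written to
 * survive; here it is only reported. */
static int parent_dequeue(struct parent_qdisc *p)
{
	if (p->qlen == 0) return 0;
	if (!child_dequeue(&p->child)) return -1;
	p->qlen--;
	return 1;
}

struct scenario_result {
	int last_enqueue_ret; /* code the parent saw for the overflowing packet */
	int parent_qlen;      /* parent's count after all enqueues */
	int child_qlen;       /* child's real count after all enqueues */
	int final_dequeue;    /* 0 if the drain ended consistently, -1 on a phantom packet */
};

/* Push CHILD_LIMIT + 1 packets through the pair, then drain it. */
static struct scenario_result run_scenario(bool buggy, bool drop_oldest)
{
	struct parent_qdisc p = { 0 };
	struct scenario_result r = { 0 };
	int rc;

	p.child.buggy = buggy;
	p.child.drop_oldest = drop_oldest;
	p.child.parent_qlen = &p.qlen;
	for (int i = 0; i < CHILD_LIMIT + 1; i++)
		r.last_enqueue_ret = parent_enqueue(&p);
	r.parent_qlen = p.qlen;
	r.child_qlen = p.child.qlen;
	do { rc = parent_dequeue(&p); } while (rc == 1);
	r.final_dequeue = rc;
	return r;
}

int main(void)
{
	const char *names[] = { "fixed tail-drop", "buggy tail-drop", "drop-oldest" };
	struct scenario_result rs[] = { run_scenario(false, false),
					run_scenario(true, false),
					run_scenario(false, true) };
	for (int i = 0; i < 3; i++)
		printf("%-16s enqueue=%d parent=%d child=%d final=%d\n", names[i],
		       rs[i].last_enqueue_ret, rs[i].parent_qlen, rs[i].child_qlen,
		       rs[i].final_dequeue);
	return 0;
}
```

The buggy tail-drop run is the shape the summary describes: the parent ends up believing in a fifth packet the child never held, and its drain ends at -1 where both honest variants end at 0. A qdisc that drops the packet it was handed must return NET_XMIT_CN or NET_XMIT_DROP, and one that evicts an already-queued packet instead must call qdisc_tree_reduce_backlog() so its ancestors stay in step; the kernel state corresponding to the -1 here is what the published PoC drives into a use-after-free.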
Source: https://www.linkedin.com/feed/update/urn:li:activity:7425368966493249536
The CentOS Project cybersecurity rating report: https://www.rankiteo.com/company/the-centos-project
"id": "THE1770352406",
"linkid": "the-centos-project",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Software',
'name': 'CentOS',
'type': 'Operating System'}],
'attack_vector': 'Local',
'description': 'A critical use-after-free (UAF) vulnerability in the Linux '
'kernel’s sch_cake queuing discipline (Qdisc) has been '
'discovered in CentOS 9, allowing local attackers to escalate '
'privileges to root. The flaw, tracked in the cake_enqueue '
'function of the CAKE Qdisc, occurs when the function '
'incorrectly returns NET_XMIT_SUCCESS after dropping packets '
'due to buffer limits. This misreporting misleads parent '
'classful Qdiscs like HFSC, causing improper state management. '
'When packets are later dequeued, the flaw triggers a UAF '
'condition, enabling attackers to execute arbitrary code in '
'kernel context. Successful exploitation results in local '
'privilege escalation (LPE), granting full system control.',
'impact': {'operational_impact': 'Full system control via local privilege '
'escalation',
'systems_affected': 'CentOS 9 systems running the affected kernel '
'version'},
'post_incident_analysis': {'corrective_actions': 'Patch the affected kernel '
'version',
'root_causes': 'Use-after-free (UAF) vulnerability '
'in the cake_enqueue function of '
'the CAKE Qdisc due to incorrect '
'return value (NET_XMIT_SUCCESS) '
'after dropping packets'},
'recommendations': 'Organizations using CentOS 9 are advised to apply patches '
'or mitigations promptly to prevent potential compromise.',
'references': [{'source': 'Proof-of-Concept (PoC) exploit'}],
'response': {'containment_measures': 'Apply patches or mitigations',
'remediation_measures': 'Patch the affected kernel version'},
'title': 'CentOS 9 Linux Kernel Vulnerability Enables Local Privilege '
'Escalation to Root',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE (not specified)'}