Exploit released for new PinTheft Arch Linux root escalation flaw

Key Points:

• A new Linux privilege escalation vulnerability called PinTheft affects the RDS (Reliable Datagram Sockets) module and allows local attackers to gain root access on Arch Linux systems; a public proof-of-concept (PoC) exploit has been released by the V12 security team.
• The vulnerability involves a double-free bug in the RDS zerocopy send path that can be exploited via io_uring fixed buffers to overwrite the page cache, but successful exploitation requires the RDS module, io_uring enabled, a readable SUID-root binary, and x86_64 architecture, limiting the attack surface mainly to Arch Linux.
• Users are advised to update their Linux kernels promptly to mitigate the risk, or alternatively disable the RDS module using provided commands to block exploitation attempts until patches can be applied.
• This disclosure follows a recent surge in Linux local privilege escalation vulnerabilities, including DirtyDecrypt, DirtyCBC, and Copy Fail, some of which have active exploits in the wild and have prompted CISA to mandate urgent patching of affected systems.
• The RDS module is enabled by default only on Arch Linux among common distributions, making Arch users particularly vulnerable to this newly disclosed exploit.