Expand Your Understanding.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Artificial Intelligence
Social Media
Natural Disasters
Donald Trump
Lula Da Silva
IPL
Infrastructure
Soccer
Senate
Republican Party
Education
Nintendo
Published loading...Updated

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

  • ARMO researchers demonstrated a new proof-of-concept rootkit on Linux systems.
  • This rootkit exploits the io_uring Linux kernel interface introduced in 2019.
  • The io_uring interface handles operations including file and network actions.
  • Google's 2023 testing found 60% of bypass submissions exploited io_uring.
  • Named Curing, the rootkit evades detection by many common Linux runtime security tools.
Insights by Ground AI
Does this summary seem wrong?

14 Articles

All
Left
Center
1
Right
BleepingComputerBleepingComputer
Center

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. [...]

Read Full Article
winfuture.dewinfuture.de

Linux: Critical Vulnerability Discovered in Kernel API

A vulnerability has been lurking in the Linux kernel since 2019. Thus, the kernel function io_uring can be used to bypass all existing security controls - for full root access. Even early security features are powerless. (Continue reading)

Read Full Article
CSO OnlineCSO Online

Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor

An Israeli vendor was able to evade several leading Linux runtime security tools using a new proof-of-concept (PoC) rootkit that it claims reveals the limitations of many products in this space.  The work of cloud and Kubernetes security company Armo, the PoC is called ‘Curing’, a portmanteau word that combines the idea of a ‘cure’ with the io_uring Linux kernel interface that the company used in its bypass PoC. Using Curing, Armo found it was p…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Clandestine rootkit compromise possible with Linux io_uring interface issue

Clandestine rootkit compromise possible with Linux io_uring interface issue Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io…

Read Full Article
Techzine EuropeTechzine Europe

Linux vulnerability exploit bypasses security services

ARMO researchers reveal critical vulnerability in Linux security solutions that allows attackers to perform malicious activities undetected via io_uring.

Read Full Article
Global Security Mag OnlineGlobal Security Mag Online
Reposted by
Global Security Mag OnlineGlobal Security Mag Online

Vigilance.fr - Linux kernel : buffer overflow via HFS+, analyzed on 25/02/25 – Global Security Mag Online

An attacker can trigger a buffer overflow of the Linux kernel, via HFS+, in order to trigger a denial of service, and possibly to run code. View online: https://vigilance.fr/vulnerability/...

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BetaNews broke the news in on Thursday, April 24, 2025.
Sources are mostly out of (0)

Similar News Topics

Linux

Linux

Security

Security

Technology

Technology

News
For You
SearchBlindspotLocal