When a verdict map is removed from memory, general elements are disabled and the reference counter of a chain is decremented. When errors occur, the deletion can be reversed and the counter incremented. CVE-2026-53111 allows modifying that process. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the string when some objects still point to it.
“In this blog post, we have seen how an incorrect exclamation point introduced a use-after-free vulnerability that can be exploited by an unprivileged user on Debian and Ubuntu to escalate privileges to root,” researchers at security firm Exodus Intelligence. wrote on Monday. “Although the exploit triggered the use-after-free vulnerability multiple times to leak the kernel base address, leak heap addresses, and hijack control flow, stability testing resulted in >99% stability on a dead system.”
The vulnerability was fixed in the core in February. Security company FuzzingLabs proven a proof of concept exploit in April. Exodus Intelligence, which discovered the bug, included its own PoC exploit in Monday’s post. It worked on Debian and Ubuntu.
CVE-2026-53111 is one of at least three Powerful elevation of privilege vulnerabilities have hit Linux in recent weeks. The vulnerabilities are serious because, when chained to a separate exploit, they can be used to bypass security defenses built into the operating system.
