What Happened
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even
Why It Matters
The article reports on CVE-2026-23111, a one-character use-after-free bug in the Linux kernel’s nf_tables packet-filtering code that allows an unprivileged local user to escalate to root and escape containers; it was patched upstream in early February 2026, and a fully detailed exploit was later published by Exodus Intelligence. This is a host-level vulnerability affecting Linux systems broadly, not specific to AI, but it directly impacts the integrity and isolation of any AI workloads, agents, or models running on affected Linux hosts or within containers. From a CyberSE.AI perspective, this represents an AI supply chain risk because an attacker who defeats kernel and container isolation can pivot from low-privilege AI workloads or agents to full system control, tamper with models, data, and logs, or exfiltrate secrets. Organizations should ensure timely kernel patching across all AI infrastructure, update SBOMs and asset inventories to track vulnerable kernel versions, and harden container runtimes, while not treating containers that host AI services as a strong isolation boundary in the presence of kernel-level privilege escalation flaws.
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html