7/6/2026 at 9:01:26 PM
> LPE: On distributions such as RHEL, /dev/kvm is world-writable (0666), so an unprivileged user can also use this vulnerability as a reliable LPE to gain root.Why on Linux device files are accessible by untrusted applications?
by codedokode
7/6/2026 at 9:13:20 PM
Not all device files, only /dev/kvm. I assume the logic was "with /dev/kvm access the user can ...allocate memory and execute code, which they already can, so why not allow it?". Could also make rootless isolation easierby tryauuum
7/6/2026 at 9:54:25 PM
Very many "devices" aren't at all device-like.by colechristensen
7/6/2026 at 9:18:51 PM
???That's been the case forever: /dev/null, /dev/zero, /dev/stdin, ...
by cyberax