See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Pope Francis
Vatican
NFL
South America
Volodymyr Zelenskyy
Donald Trump
Vladimir Putin
Social Media
Natural Disasters
Catholic Church
Real Madrid
Premier League
Published loading...Updated

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

  • ARMO researchers demonstrated a new proof-of-concept rootkit on Linux systems.
  • This rootkit exploits the io_uring Linux kernel interface introduced in 2019.
  • The io_uring interface handles operations including file and network actions.
  • Google's 2023 testing found 60% of bypass submissions exploited io_uring.
  • Named Curing, the rootkit evades detection by many common Linux runtime security tools.
Insights by Ground AI
Does this summary seem wrong?

13 Articles

All
Left
Center
1
Right
BleepingComputerBleepingComputer
Center

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. [...]

Read Full Article
CSO OnlineCSO Online

Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor

An Israeli vendor was able to evade several leading Linux runtime security tools using a new proof-of-concept (PoC) rootkit that it claims reveals the limitations of many products in this space.  The work of cloud and Kubernetes security company Armo, the PoC is called ‘Curing’, a portmanteau word that combines the idea of a ‘cure’ with the io_uring Linux kernel interface that the company used in its bypass PoC. Using Curing, Armo found it was p…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Clandestine rootkit compromise possible with Linux io_uring interface issue

Clandestine rootkit compromise possible with Linux io_uring interface issue Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io…

Read Full Article
Techzine EuropeTechzine Europe

Linux vulnerability exploit bypasses security services

ARMO researchers reveal critical vulnerability in Linux security solutions that allows attackers to perform malicious activities undetected via io_uring.

Read Full Article
Global Security Mag OnlineGlobal Security Mag Online
Reposted by
Global Security Mag OnlineGlobal Security Mag Online

Vigilance.fr - Linux kernel : buffer overflow via HFS+, analyzed on 25/02/25 – Global Security Mag Online

An attacker can trigger a buffer overflow of the Linux kernel, via HFS+, in order to trigger a denial of service, and possibly to run code. View online: https://vigilance.fr/vulnerability/...

Read Full Article
schneier.comschneier.com

New Linux Rootkit - Schneier on Security

Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BetaNews broke the news in on Thursday, April 24, 2025.
Sources are mostly out of (0)

Similar News Topics

Linux

Linux

Security

Security

Technology

Technology

You have read out of your 5 free daily articles.

Join us as a member to unlock exclusive access to diverse content.

News
For You
SearchBlindspotLocal