Control: retitle -1 LinuxCNC: Security issue in suid RTAPI component (CVE-2026-58302)
On Sun, Jun 28, 2026 at 05:46:20PM +0200, Petter Reinholdtsen wrote: > > Package: linuxcnc-uspace > Severity: important > Version: 1:2.9.0 > > According to the release announcement for version 2.9.9, there is a > security issue that need to be fixed in LinuxCNC: > > To address the last part first, it has been noted by two separate > people that a weakness in the RTAPI allows for privilege escalation as > it runs as setuid root (to give direct access to hardware). Given the > use-case for most LinuxCNC machines this is unlilely to be a problem > in most cases; most hobby users will have root access anyway. The > issue has been patched in both 2.9 and in the development branch. This got CVE-2026-58302 assigned. Regards, Salvatore _______________________________________________ Emc-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/emc-developers
