​Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). Tracked as CVE-2023-6246, this security flaw was found in glibc's __vsyslog_internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger. The bug is due to a heap-based buffer overflow weakness accidentally introduced ...