Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
CloudLinux
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

CVE-2026-43499 Even works on android

It does even work on android (K90 Pro max , idk exact versions),

Why's there's new exploit on Linux kernel every other day?

Comments

  • edited July 10

    @woinokiz said:
    It does even work on android (K90 Pro max , idk exact versions),

    That's seriously crazy. A Linux exploit that works on Linux.

    Why's there's new exploit on Linux kernel every other day?

    This shit is from May and doesn't do a whole lot in most environments/on it's own.

  • plumbergplumberg Veteran, Megathread Squad

    Exploits were always there - hopefully unintentional/ non malicious intent

    Just surfaced recently thanks to AI

  • slowserversslowservers Member, Host Rep

    Lots of attack surface and lots of energy (human and AI) being spent trying to break it.

  • Use iOS. All Chinese phones contain malware, including Xiaomi.

  • forestforest Member

    @woinokiz said: It does even work on android (K90 Pro max , idk exact versions),

    Well, Android does use the Linux kernel, and this vulnerability applies to the futex() system call that is pretty universal.

    @woinokiz said: Why's there's new exploit on Linux kernel every other day?

    LLMs.

    @silicomnet said: Use iOS. All Chinese phones contain malware, including Xiaomi.

    A vulnerability is not malware, and iOS is not free of vulnerabilities either.

  • @forest said:

    @woinokiz said: It does even work on android (K90 Pro max , idk exact versions),

    Well, Android does use the Linux kernel, and this vulnerability applies to the futex() system call that is pretty universal.

    @woinokiz said: Why's there's new exploit on Linux kernel every other day?

    LLMs.

    @silicomnet said: Use iOS. All Chinese phones contain malware, including Xiaomi.

    A vulnerability is not malware, and iOS is not free of vulnerabilities either.

    No system is free of vulnerabilities, but all Chinese ones have backdoors and pre-installed malware.

  • ailiceailice Member

    You can cherry-pick kernel common from grapheneos, they patched it 1 months ago if you phone vendor have moral to given kernel source code.

    Thanked by 1rpqu
  • vinhaisvinhais Member

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    lol

    Thanked by 1jsg
  • @silicomnet said:

    @forest said:

    @woinokiz said: It does even work on android (K90 Pro max , idk exact versions),

    Well, Android does use the Linux kernel, and this vulnerability applies to the futex() system call that is pretty universal.

    @woinokiz said: Why's there's new exploit on Linux kernel every other day?

    LLMs.

    @silicomnet said: Use iOS. All Chinese phones contain malware, including Xiaomi.

    A vulnerability is not malware, and iOS is not free of vulnerabilities either.

    No system is free of vulnerabilities, but all Chinese ones have backdoors and pre-installed malware.

    I'm certainly not saying that this never happened or won't happen in the future but as a blanket statement it's kinda questionable in my opinion. I fully agree in regards to the risk though. If you are conscious about your security you better don't use any kind of black box device at all - no matter who built them where.

  • igcttigctt Member

    @totally_not_banned said:

    @silicomnet said:

    @forest said:

    @woinokiz said: It does even work on android (K90 Pro max , idk exact versions),

    Well, Android does use the Linux kernel, and this vulnerability applies to the futex() system call that is pretty universal.

    @woinokiz said: Why's there's new exploit on Linux kernel every other day?

    LLMs.

    @silicomnet said: Use iOS. All Chinese phones contain malware, including Xiaomi.

    A vulnerability is not malware, and iOS is not free of vulnerabilities either.

    No system is free of vulnerabilities, but all Chinese ones have backdoors and pre-installed malware.

    I'm certainly not saying that this never happened or won't happen in the future but as a blanket statement it's kinda questionable in my opinion. I fully agree in regards to the risk though. If you are conscious about your security you better don't use any kind of black box device at all - no matter who built them where.

    take it easy, they put more effort on domestic affairs.

  • @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

  • daviddavid Member

    I unlocked my Xiaomi phone shortly after receiving it, years ago, and run LineageOS on it.

  • x1archx1arch Member
    edited July 10

    @david said:
    I unlocked my Xiaomi phone shortly after receiving it, years ago, and run LineageOS on it.

    And as a bonus get lots of problems with NFC. Oh, yes as a cherry on the cake if maintainer lost interest, you stuck with this shit on your phone, today, when CVE publish every day and goverment want know about you more and more, it's bad way, I believe. :'( I did the same, but after few months of playing with that switched to Pixel and happy with that. And now f*king xiaomi and vivo makes more and more troubles with bootloader.

    PS I don't understand why I can't install AOSP on my phone and have full functionality (like on my PC). Why google decide is my device safety for my usage or not in ultimatum form, instead just warn me. They thinking lock my wallet on cashier is better for me, this is f*king nonsense.

    Thanked by 2rpqu JohnFilch123
  • edited July 10

    @x1arch said:
    PS I don't understand why I can't install AOSP on my phone and have full functionality (like on my PC). Why google decide is my device safety for my usage or not in ultimatum form, instead just warn me.

    Because they don't care about your safety. At best they care about the reputation of their brand. What they very much care about though is lock-in and you not being able to look too closely at what they are actually doing. Nailing your phone shut is very helpful in that regard.

    As far as PCs are concerned: Expect the ability install systems at will to go away there too over the next couple years or at least prepare to run into the same problems as you did with your phone. You can install stuff but you won't really be able to do anything. The groundwork is already there and it's just a question of time.

    If you want autonomy over your devices modern technology will become more and more a no-go. In the end practically no one will stop using anything though. A handful people will complain a couple of times and from there on it's business as usual. There is zero hope for any kind of relevant push back.

    Thanked by 1x1arch
  • daviddavid Member

    @x1arch said:

    @david said:
    I unlocked my Xiaomi phone shortly after receiving it, years ago, and run LineageOS on it.

    And as a bonus get lots of problems with NFC. Oh, yes as a cherry on the cake if maintainer lost interest, you stuck with this shit on your phone, today, when CVE publish every day and goverment want know about you more and more, it's bad way, I believe. :'( I did the same, but after few months of playing with that switched to Pixel and happy with that. And now f*king xiaomi and vivo makes more and more troubles with bootloader.

    PS I don't understand why I can't install AOSP on my phone and have full functionality (like on my PC). Why google decide is my device safety for my usage or not in ultimatum form, instead just warn me. They thinking lock my wallet on cashier is better for me, this is f*king nonsense.

    I've never used NFC, so I can't speak to that. My Xiaomi phone is officially supported by LineageOS, though, and gets weekly updates. I use MicroG with it, without all the google apps.

    I do understand Xiaomi have been making it more difficult to unlock newer phones, though, which is unfortunate.

  • MannDudeMannDude Patron Provider, Veteran
    edited July 10

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    So, I recently bought an "Honor" brand phone from a local market. I was surprised when I first booted it up, checked for system updates and the system was already "up to date". Still, to this date, it assures me it's "up to date". It's never had a software update downloaded.

    I don't have the device handy at the moment but I'm curious to see if there is a date of the latest "Magic OS" release or whatever weird Chinese OS shit it's running.

    Daily driver remains a Pixel w/ GrapheneOS but unfortunately you can only have two SIMs active at once. New phone was needed for SIM #3.

  • rpqurpqu Member
    edited July 10

    @MannDude said:

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    Daily driver remains a Pixel w/ GrapheneOS but unfortunately you can only have two SIMs active at once. New phone was needed for SIM #3.

    Use this until you can find new phone
    image

    Thanked by 1MannDude
  • forestforest Member
    edited July 10

    It seems that priority-inheritance futexes are responsible for quite a number of these serious vulnerabilities, and CVE-2026-43499 is just the latest. If anyone wants a kernel module to disable those types of futexes:

    #include <linux/module.h>
    #include <linux/kprobes.h>
    #include <linux/futex.h>
    
    static long notrace deny_do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout, u32 __user *uaddr2, u32 val2, u32 val3)
    {
            return -ENOSYS;
    }
    
    static int deny_pi_handler(struct kprobe *kp, struct pt_regs *regs)
    {
            unsigned long op = regs_get_kernel_argument(regs, 1);
            int cmd = (int)op & FUTEX_CMD_MASK;
    
            switch (cmd) {
            case FUTEX_LOCK_PI:
    #ifdef FUTEX_LOCK_PI2
            case FUTEX_LOCK_PI2:
    #endif
            case FUTEX_TRYLOCK_PI:
            case FUTEX_UNLOCK_PI:
            case FUTEX_WAIT_REQUEUE_PI:
            case FUTEX_CMP_REQUEUE_PI:
                    instruction_pointer_set(regs, (unsigned long)deny_do_futex);
                    return 1;
            }
    
            return 0;
    }
    
    static struct kprobe kp = {
            .symbol_name = "do_futex",
            .pre_handler = deny_pi_handler,
    };
    
    static int __init deny_pi_init(void)
    {
            int ret = register_kprobe(&kp);
            if (ret < 0) {
                    pr_err("register_kprobe failed: %d\n", ret);
                    return ret;
            }
            return 0;
    }
    
    static void __exit deny_pi_exit(void)
    {
            unregister_kprobe(&kp);
    }
    
    module_init(deny_pi_init);
    module_exit(deny_pi_exit);
    MODULE_LICENSE("GPL");
    

    Of course, the best solution is to compile your own kernel with CONFIG_FUTEX_PI=n, but this will accomplish the same thing.

  • @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    You can officially unlock the Redmi phones (Indian versions).

  • x1archx1arch Member

    @itachikonoha said:

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    You can officially unlock the Redmi phones (Indian versions).

    Yes, but, now it is one device per year for whole world and what happens if you will newer get a SMS? Earlier, after three attempts it locked for 72 hours. And it happened, not because something wrong with the number, but because of laptop. I have faced with it in the past, unlock app just not requested sms from my laptop, but decreased attempt, after a few locks I tried from my wife's laptop and it worked 😵‍💫

  • x1archx1arch Member

    @rpqu said:

    @MannDude said:

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    Daily driver remains a Pixel w/ GrapheneOS but unfortunately you can only have two SIMs active at once. New phone was needed for SIM #3.

    Use this until you can find new phone
    image

    This shit not works, I mean you still have only two active sim cards at the time, if it works for you, much easier to use esim on a pixel or something like 9esim, which allow upload a few profiles to one physical sim card and switch it by the app on your phone***.

    Or you could just move your number to VoIP provider and connect it via internet.

  • atklatkl Member
    edited July 10

    Recently someone was talking about such thing "eUICCs" in the forum.
    Probably you can activate only 2 numbers at the time but still seems interesting.

    Haven't tested it yet but planning in the future

    Info i found on a blog
    https://frank-ruan.com/2025/04/12/removable-euicc-follow-up/

  • woinokizwoinokiz Member

    @x1arch said:

    @itachikonoha said:

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    You can officially unlock the Redmi phones (Indian versions).

    Yes, but, now it is one device per year for whole world and what happens if you will newer get a SMS? Earlier, after three attempts it locked for 72 hours. And it happened, not because something wrong with the number, but because of laptop. I have faced with it in the past, unlock app just not requested sms from my laptop, but decreased attempt, after a few locks I tried from my wife's laptop and it worked 😵‍💫

    You can unlock all xiaomi phones , you'll just need to waste months trying to get permission, then 72 hours after adding account , I did root one last week

    Thanked by 1x1arch
  • x1archx1arch Member

    @woinokiz said:

    @x1arch said:

    @itachikonoha said:

    @laoyou2333 said:

    @silicomnet said:
    Use iOS. All Chinese phones contain malware, including Xiaomi.

    Many chinese phone user stopped update their phone and finding the method to root their phone.
    For now almost all chinese phone can't unlock Bootloader except Oneplus(But they want to close it)

    You can officially unlock the Redmi phones (Indian versions).

    Yes, but, now it is one device per year for whole world and what happens if you will newer get a SMS? Earlier, after three attempts it locked for 72 hours. And it happened, not because something wrong with the number, but because of laptop. I have faced with it in the past, unlock app just not requested sms from my laptop, but decreased attempt, after a few locks I tried from my wife's laptop and it worked 😵‍💫

    You can unlock all xiaomi phones , you'll just need to waste months trying to get permission, then 72 hours after adding account , I did root one last week

    Yeah, that's what about all customers dreaming when decide to buy a smartphone. 👍

  • WilliamWilliam Member

    yea i see why i use an iPhone.

  • x1archx1arch Member
    edited July 10

    @William said:
    yea i see why i use an iPhone.

    The same shit, Pegasus and Jailbreak sent you hello 👋. And additional cherry - apple scan your data to decide are you a good boy or not. 😬 If they decide you not good enough, then

    Thanked by 1William
  • WilliamWilliam Member

    Apple did not give Croatia any of my data - even if they could - just because fuck you

    AMERICA

  • @laoyou2333 said: For now almost all chinese phone can't unlock Bootloader

    Xiaomi / Redmi / POCO allows you to unlock the bootloader, although with some steps.
    I'm not mentioning smaller brands which essentially allow to do wtf you want.
    So except Huawei and BBK brands, you can unlock most Chinese phones relatively easy.

Sign In or Register to comment.