Cybersecurity News and Headlines
  • All Technology
  • AI
  • Autonomy
  • B2B Growth
  • Big Data
  • BioTech
  • ClimateTech
  • Consumer Tech
  • Crypto
  • Cybersecurity
  • DevOps
  • Digital Marketing
  • Ecommerce
  • EdTech
  • Enterprise
  • FinTech
  • GovTech
  • Hardware
  • HealthTech
  • HRTech
  • LegalTech
  • Nanotech
  • PropTech
  • Quantum
  • Robotics
  • SaaS
  • SpaceTech
AllNewsDealsSocialBlogsVideosPodcastsDigests

Cybersecurity Pulse

EMAIL DIGESTS

Daily

Every morning

Weekly

Sunday recap

NewsDealsSocialBlogsVideosPodcasts
CybersecurityNewsLinux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Cybersecurity

Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering

•January 8, 2026
0
GBHackers On Security
GBHackers On Security•Jan 8, 2026

Companies Mentioned

SUSE

SUSE

SUSE

Why It Matters

The exploit compromises the integrity of power‑management policies on Linux laptops, potentially exposing privileged environments to unauthorized configuration changes and denial‑of‑service attacks. Prompt patching is essential for enterprises that rely on strict security boundaries for local users.

Key Takeaways

  • •TLP 1.9.0 daemon allows local auth bypass
  • •Exploit uses Polkit “unix‑process” PID race condition
  • •Updated TLP 1.9.1 fixes with system bus name
  • •Predictable cookie values enabled profile hold hijacking
  • •Unlimited holds could cause denial‑of‑service

Pulse Analysis

Power‑management utilities like TLP are integral to extending battery life on Linux laptops, yet they operate with elevated privileges to adjust hardware settings. Because these daemons interact with Polkit—a central authority for granting administrative actions—any weakness in their authorization flow can become a high‑value attack surface. The recent discovery highlights how legacy Polkit subjects, such as the “unix‑process” identifier, can be subverted when a process’s PID is recycled, allowing an unprivileged user to masquerade as a more trusted entity.

The core of CVE‑2025‑67859 is a race condition: the TLP daemon validates a request by checking the caller’s PID, but Polkit evaluates the PID after it may have been reassigned to a privileged process. This timing gap grants the attacker the ability to change active power profiles and modify daemon logs without credentials, effectively bypassing authentication. Additional flaws—predictable cookie values for HoldProfile/ReleaseProfile calls and an unrestricted number of simultaneous holds—expanded the attack surface, enabling profile‑hold hijacking and potential resource‑exhaustion denial‑of‑service. While these secondary issues are rated lower, they illustrate the cascading risk of inadequate input validation in system services.

Upstream responded quickly, issuing TLP 1.9.1 in early January 2026. The patch replaces the vulnerable PID‑based check with a robust D‑Bus “system bus name” subject, tying authorisation to the actual client connection. It also randomises cookie identifiers and caps concurrent holds at sixteen, mitigating both predictability and exhaustion threats. Administrators should prioritize updating to the patched version via distribution repositories and enforce strict D‑Bus access controls. The episode serves as a reminder that even well‑maintained open‑source components require continuous security audits, especially when they bridge user space and kernel‑level power management functions.

Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering

Read Original Article
0

Comments

Want to join the conversation?

Loading comments...