PinTheft: Linux kernel LPE (CVE-2026-43494)
# Disclosure agreement

This issue will most likely be made public eventually. If you need to write contents that should not be disclosed ever, write it in an _internal note_.

# Summary

https://github.com/v12-security/pocs/tree/main/pintheft:

> PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through `io_uring` fixed buffers.

# To Do

- [x] Set milestone to the upcoming release
  - We can fine-tune this later once we have assessed severity.
- [x] Fill the _Summary_, _Impact_, and _Availability_ sections, so that:
  - We can assess the severity of this issue.
  - Our technical writers have the information they need to write release notes.
- [x] Assess the severity of this issue according to our [Security issue response policy](https://tails.net/contribute/security_policy/)
- [x] Have the severity assessment confirmed by another Tails Team member
- [ ] Track the next steps, according to our [Security issue response policy](https://tails.net/contribute/security_policy/)
  - The next steps depend on the severity of this issue.
  - For example: track when this issue can be disclosed, in a way that will survive this issue being closed and the corresponding MR being merged.
- [ ] [Decide](https://tails.net/contribute/working_together/roles/release_manager/#emergency-release) whether we will do an emergency release or document mitigation measures

# Impact

(What happens if an attacker successfully exploits this security issue. Focus on what this means _practically_ for a user's safety.)

# Availability

None: we block loading `rds`.

Details: https://gitlab.tails.boum.org/tails/tails/-/work_items/21613#note_284452

# Details

(How exactly can an attacker exploit this security issue.)

# Possible fixes

(Ideas about how we could fix this security issue.)

# Related documentation

- [Security issue response policy](https://tails.net/contribute/security_policy/)