Linux io_uring Proof-of-Concept Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers recently demonstrated a proof-of-concept (PoC) rootkit named “Curing” that utilizes the Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring.

01 Significant Blind Spots in Security Tools

ARMO stated that this leads to “significant blind spots in Linux …

Exposing Linux Security Blind Spots: The io_uring Mechanism Can Bypass Mainstream Detection Tools

The ARMO research team recently disclosed significant flaws in Linux runtime security tools, confirming that the io_uring interface allows rootkits (kernel-level malware) to bypass conventional monitoring solutions. Tests show that mainstream tools, including Falco, Tetragon and even Microsoft Defender for Endpoint, are unable to …

Exposing Linux Security Blind Spots: io_uring Mechanism Can Bypass Mainstream Detection Tools

The ARMO research team recently revealed significant flaws in Linux runtime security tools, confirming that the io_uring interface allows rootkits (kernel-level malware) to bypass conventional monitoring solutions. Tests show that mainstream tools, including Falco, Tetragon, and even Microsoft Defender for Endpoint, are unable to detect attacks utilizing this mechanism.

01 Technical Principles

“This mechanism allows user-space …

New Discovery: Linux Rootkit Curing Can Bypass Modern Security Tools, Hiding Within the io_uring Interface

Researchers recently discovered a brand new Linux rootkit, Curing, that can bypass existing security tools through the io_uring interface in the Linux kernel, rendering it invisible in the system and even evading detection by modern enterprise-level security software. The io_uring interface was introduced in Linux 5.1 to enhance I/O operation performance, aiming to …

Linux io_uring Proof-of-Concept Rootkit Bypasses System Call-Based Threat Detection Tools

Recently, cybersecurity researchers demonstrated a proof-of-concept (PoC) rootkit named “Curing” that utilizes the Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring.

01 Significant Blind Spots in Security Tools

ARMO stated that this leads to “significant blind spots in Linux runtime security tools.” In a report shared with The Hacker News, the company …

Linux ‘io_uring’ Security Blind Spot Allows Stealthy Rootkit Attacks

Compiled by: Code Guardian

A significant security gap in Linux runtime security caused by ‘io_uring’ can allow rootkits to operate undetected on systems while bypassing advanced enterprise security software. This vulnerability was discovered by security researchers at ARMO, who also developed a proof-of-concept rootkit named ‘Curing’ to demonstrate the practicality and feasibility of evading detection …

Crash Recovery for User-Space Block Drivers

By Jonathan Corbet, August 29, 2022 (DeepL assisted translation, https://lwn.net/Articles/906097/)

During the 6.0 merge window, a new user-space block driver mechanism was merged into the kernel. This subsystem, known as “ublk,” uses io_uring to communicate with user-space drivers, achieving impressive …