
Researchers Demonstrate Curing Rootkit Exploiting Linux io_uring Mechanism
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that exploits a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This creates a "large blind spot in Linux runtime security tools," according to ARMO. The io_uring mechanism allows a user application to perform various actions without using system calls.
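Creating a ring still requires the `io_uring_setup` system call, even though later operations can go through the ring without one, so a defender can at least inventory which programs create rings. The following is an added example, not code from the article or from ARMO. It assumes an auditd rule is already recording `io_uring_setup`; the log lines, allowlist, and paths are constructed for illustration.

```python
import re

# io_uring_setup is syscall 425 on Linux (numbers from 403 up are shared across architectures).
IO_URING_SETUP = 425

# Hypothetical allowlist: executables expected to use io_uring on this host.
ALLOWED_EXES = {"/usr/sbin/nginx"}

# Constructed auditd records (not real log data).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1745500000.101:901): arch=c000003e syscall=425 '
    'success=yes exit=3 pid=4120 comm="nginx" exe="/usr/sbin/nginx"',
    'type=SYSCALL msg=audit(1745500003.412:902): arch=c000003e syscall=425 '
    'success=yes exit=4 pid=5533 comm="updater" exe="/tmp/.cache/updater"',
    'type=SYSCALL msg=audit(1745500004.007:903): arch=c000003e syscall=59 '
    'success=yes exit=0 pid=5540 comm="ls" exe="/usr/bin/ls"',
    'type=SYSCALL msg=audit(1745500005.250:904): arch=c000003e syscall=425 '
    'success=no exit=-1 pid=5601 comm="probe" exe="/usr/bin/probe"',
    'type=PATH msg=audit(1745500005.250:904): item=0 name="/etc/hosts"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Return the key=value fields of an audit SYSCALL record, or None for other types."""
    if not line.startswith("type=SYSCALL"):
        return None
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def find_ring_creators(lines, allowed=ALLOWED_EXES):
    """Map each non-allowlisted executable to the PIDs that successfully created a ring."""
    findings = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("syscall") != str(IO_URING_SETUP):
            continue
        if rec.get("success") != "yes" or rec.get("exe") in allowed:
            continue
        findings.setdefault(rec.get("exe", "unknown"), set()).add(int(rec["pid"]))
    return findings


if __name__ == "__main__":
    for exe, pids in find_ring_creators(SAMPLE_LOG).items():
        print(f"unexpected io_uring user: {exe} pids={sorted(pids)}")
```

This inventories ring creation only; it gives no visibility into the operations later submitted through a ring.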