The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking.

The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other nefarious things, including possibly executing malicious code.

"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," the advisory stated. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."

Enter chkrootkit

The vulnerability came to light two days after the surfacing of another critical vulnerability threatening open source users. A flaw in chkrootkit, aka Check Rootkit, allows attackers with local access to gain root control by planting malicious code inside the /tmp directory. Server administrators use chkrootkit to detect rootkits on their systems. More details about the vulnerability are here.

Ars readers may remember that Pinkie Pie is the moniker of the then-teenage ethical hacker who in 2012 pierced the vaunted security sandbox of the Google Chrome browser. A full autopsy published afterward underscored the complexity of the hack, showing it exploited six separate bugs to bypass the Chrome fortress. The feat was impressive for any exploit developer, but especially so for a teen working alone.

The futex privilege escalation bug resembles a separate Linux flaw fixed last month. It resided in the n_tty_write function controlling the Linux pseudo tty device. References to the futex flaw and fix couldn't immediately be located on kernel.org, the distributor of Linux, or on websites of other developers. Readers are invited to provide links in comments.