"A highly dangerous privilege escalation vulnerability, which
can allow an attacker to execute arbitrary code as root from any
GUI application, has been patched in the Linux kernel.
"The flaw was discovered by Rafal Wojtczuk, principal researcher
at Invisible Things Lab (ITL), a security research company based in
"According to Joanna Rutkowska, founder of ITL, the bug was
discovered while Mr. Wojtczuk was working on GUI virtualization in
Qubes OS, an operating system developed by the company, in which
every application runs in a separate virtual machine."