Skip to main content

Researchers Say the Worst Climate Future is Less Likely. But the Best One is Also Slipping Away

1 month 2 weeks ago
Citing new research, the Associated Press reports that "modest gains in the fight to curb climate change have dialed back the most catastrophic of future heating." That's the good news. But the same research "also confirmed that there's no chance to limit warming to the international goal set in 2015." Researchers' new list of seven plausible carbon pollution scenarios for the future are pushing aside two staples of climate policy: the extremes on either end. The extremes have become less probable in the past several years because of how we power our world. Carbon dioxide, released from the burning of gas, oil and coal, is chiefly responsible for warming. Increasing use of green energies, like solar, wind and geothermal, which don't emit carbon dioxide, have lowered top end carbon pollution projections. However, because those changes haven't been fast enough, the bottom end projections have risen. The Paris climate agreement in 2015 set a goal of limiting warming to 1.5 degrees Celsius (2.7 degrees Fahrenheit) since pre-industrial times, or the mid-1800s, giving rise to the mantra "1.5 to stay alive," but now scientists say that even their best case scenario still shoots past that signature temperature mark. On the other end, those same new scenarios no longer include the coal-heavy future that would lead to 4.5 degrees Celsius (8.1 degrees Fahrenheit) of warming by 2100, a scary scenario that many scientific studies used in their future projections. The new proposed worst case scenario has an end-of-the-century warming of about 3.5 degrees Celsius (6.3 degrees Fahrenheit), a full degree (1.8 degrees Fahrenheit) less than the old scenario, while the updated best case future is a couple tenths of a degree Celsius (0.36 degrees Fahrenheit) warmer than previously theorized, squeezing past the Paris goal, said climate scientist Detlef Van Vuuren of Utrecht University, lead author of a recent study laying out future scenarios. "There is kind of a narrowing of the futures. It cannot be as bad as we thought, but it cannot be as good as we hoped," said Johan Rockström, director of the Potsdam Institute for Climate Impact Research in Germany. The scenarios include a "middle" one where by the end of the century the world warms 3 degrees Celsius (5.4 degrees Fahrenheit) above pre-industrial times, which is roughly the path society is currently on, scientists said... Because carbon pollution keeps rising globally and stays in the atmosphere for about century, the best case scenario is for warming to shoot past the 1.5 degree mark, peak at 1.7 degrees Celsius (3.1 degrees Fahrenheit) for maybe as long as 70 years, and eventually somehow come back down below 1.5 degrees if a technology can be designed to remove massive amounts of carbon from the air, said nine of the 10 scientists interviewed for this article. The world is warming at a pace of a tenth of a degree Celsius (nearly 0.2 degrees Fahrenheit) every five years, they said.

Read more of this story at Slashdot.

EditorDavid

Linux Kernel Flaw Lets Unprivileged Users Access Root-Only Files, Execute Arbitrary Commands as Root

1 month 2 weeks ago
Qualys's Threat Research Unit (TRU) has discovered and published a logic flaw in Linux kernel "that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions." Friday their blog pointed out "The bug has resided in mainline Linux since November 2016 (v4.10-rc1)." "Upstream patches and distribution updates are already available." Working exploits are circulating publicly, and administrators should apply vendor kernel updates without delay. During ongoing research into Linux kernel privilege boundaries, TRU identified a narrow window in which a privileged process that is dropping its credentials remains reachable through ptrace-family operations even though its dumpable flag should have closed that path. By pairing this window with the pidfd_getfd() syscall (added in v5.6-rc1, January 2020), an attacker can capture open file descriptors and authenticated inter-process channels from a dying privileged process and re-use them under their own uid. The primitive is reliable and turns any local shell into a path to root or to sensitive credential material [including host private keys under /etc/ssh ] CVE-2026-46333 is local-only, but the impact is severe... Any unprivileged shell on a vulnerable host is enough to read /etc/shadow, exfiltrate SSH host private keys, or execute arbitrary commands as root through hijacked dbus connections to systemd. In practice, the distinction between an unprivileged foothold and full host compromise collapses: a phished developer account, a constrained CI runner, a low-privilege service account, or a shared multi-tenant host all become direct paths to root. With the vulnerable code shipping in mainline kernels since v4.10-rc1 (November 2016), the historical exposure spans nine years of enterprise fleets, cloud images, and container hosts. Qualys followed responsible disclosure throughout. Qualys reported the vulnerability privately to the upstream Linux kernel security contact on 2026-05-11. Over the following three days the kernel security team developed and reviewed the fix, CVE-2026-46333 was assigned, and the patch was committed publicly on 2026-05-14. We then engaged the linux-distros mailing list, the standard pre-disclosure channel for downstream coordination. A short time later, an independent exploit derived from the public kernel commit appeared.... Qualys is releasing the complete advisory today because the underlying technique is novel, the public picture is now incomplete and uneven, and independent researchers have already achieved local root and published exploit material. Doing so gives defenders, detection engineers, and downstream maintainers a single authoritative reference for the flaw, the race against do_exit(), the role of pidfd_getfd(), and the four exploitation case studies.

Read more of this story at Slashdot.

EditorDavid