A double-free memory corruption bug could allow attackers to gain root access on Ubuntu systems. The bug was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug. AccountsService is a D-Bus service that helps manipulate and query information attached to the user accounts available on a device. Backhouse found that AccountsService incorrectly handled memory during some language setting operations, a flaw that local attackers could abuse to escalate privileges to root on vulnerable devices. This privilege escalation flaw was fixed by Canonical in November when AccountsService versions 0.6.55-0ubuntu12~20.04.5, 0.7-0.4-0.”]