CVE-2026-46333
ssh-keysign-pwn (CVE-2026-46333): Six-Year-Old Linux Kernel Race Hands Unprivileged Users SSH Host Keys and /etc/shadow
Qualys disclosed a six-year-old logic flaw in __ptrace_may_access that lets any unprivileged local user race ssh-keysign and chage to obtain the SSH host keys and the contents of /etc/shadow. A public PoC works out of the box on Debian, Ubuntu, Arch, and the EL9/EL10 families. Patch, or set kernel.yama.ptrace_scope=2, now.
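To confirm the kernel.yama.ptrace_scope=2 mitigation is both live and will survive a reboot, the following audit script is an added example, not code from Qualys or the original page. The function names and status labels are hypothetical, and the order of the config files passed in is the caller's approximation of sysctl load order.

```shell
#!/bin/sh
# Added example: audit the Yama ptrace_scope mitigation named in the advisory.
# File paths are parameters so the logic can be exercised on constructed files.

# Print the last kernel.yama.ptrace_scope value assigned in the given sysctl
# config files, read in the order given. Prints nothing if no file sets it.
# Accepts "kernel/yama/..." key spelling and the leading "-" of sysctl.d.
persisted_scope() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*-\{0,1\}kernel[./]yama[./]ptrace_scope[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\).*$/\1/p' "$f"
    done | tail -n 1
}

# Classify a host. Values >= 2 count as mitigated (3 is stricter than 2).
#   ok            live and persisted
#   runtime-only  live now, but lost at next reboot
#   pending       persisted, but not applied to the running kernel
#   exposed       neither live nor persisted
#   no-yama       Yama sysctl not present (mitigation unavailable; patch)
yama_status() {
    runtime_file=$1
    shift
    [ -r "$runtime_file" ] || { echo "no-yama"; return 0; }
    live=$(cat "$runtime_file")
    saved=$(persisted_scope "$@")
    if [ "$live" -ge 2 ]; then
        if [ "${saved:-0}" -ge 2 ]; then echo "ok"; else echo "runtime-only"; fi
    else
        if [ "${saved:-0}" -ge 2 ]; then echo "pending"; else echo "exposed"; fi
    fi
}

# Audit this host using the usual sysctl locations (unmatched globs are skipped).
yama_status /proc/sys/kernel/yama/ptrace_scope \
    /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A "runtime-only" result means the value was set with sysctl -w but no config file carries it; a "pending" result means the file exists but sysctl --system (or a reboot) has not applied it yet.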