Linux-Kernel
ssh-keysign-pwn (CVE-2026-46333): Six-Year-Old Linux Kernel Race Hands Unprivileged Users SSH Host Keys and /etc/shadow
Qualys disclosed a six-year-old logic flaw in __ptrace_may_access that lets any local user race ssh-keysign and chage out of their host keys and shadow file. Public PoC works out of the box on Debian, Ubuntu, Arch, and the EL9/EL10 families. Patch or set kernel.yama.ptrace_scope=2 now.
Dirty Frag: Chained Linux Kernel Bugs Hand Out Root, One Half Still Unpatched
Dirty Frag chains an xfrm-ESP page-cache write (CVE-2026-43284) with an unpatched RxRPC page-cache write (CVE-2026-43500) for reliable root on most Linux distros. Embargo blew up early — public PoC is out, RxRPC fix is not.
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017
A nine-year-old logic bug in the kernel's algif_aead crypto interface lets an unprivileged user plant four bytes anywhere in the page cache — including inside a setuid binary's cached pages. Root in seconds, no on-disk artifacts, breaks containers.
CVE-2026-31414: Linux Kernel Netfilter Conntrack Flaw Enables Container Escape Privilege Escalation
A use-after-free in Linux kernel netfilter connection tracking allows local privilege escalation from container workloads — patch your nodes now.
CVE-2026-23442: Remote Kernel Panic via SRv6 NULL Pointer Dereference Threatens IPv6 Infrastructure
A CVSS 8.2 flaw in the Linux kernel's SRv6 implementation lets remote attackers crash systems with crafted IPv6 packets. Patches are out—update now.