Local file exposure #vulnerability in linux kernels (CVE-2026-46333):
-
Local file exposure #vulnerability in linux kernels (CVE-2026-46333):
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
GitHub (github.com)
Apparently this issue was already identified in 2020 but wasn't fixed back then.
Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the migiration persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.confWARNING: This migation may break existing functionality. Test before deploying.
WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.
-
Local file exposure #vulnerability in linux kernels (CVE-2026-46333):
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
GitHub (github.com)
Apparently this issue was already identified in 2020 but wasn't fixed back then.
Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the migiration persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.confWARNING: This migation may break existing functionality. Test before deploying.
WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.
kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability.
-
Local file exposure #vulnerability in linux kernels (CVE-2026-46333):
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
GitHub (github.com)
Apparently this issue was already identified in 2020 but wasn't fixed back then.
Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the migiration persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.confWARNING: This migation may break existing functionality. Test before deploying.
WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.
#Debian has released kernel update that fixes this vulnerability.
Debian stable (trixie) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00185.html
Debian oldstable (bookworm) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00186.html
-
#Debian has released kernel update that fixes this vulnerability.
Debian stable (trixie) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00185.html
Debian oldstable (bookworm) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00186.html
@harrysintonen That must have dropped in the last four hours or so. Thanks! Updating now.
-
D drajt@fosstodon.org shared this topic
