<![CDATA[Local file exposure #vulnerability in linux kernels (CVE-2026-46333):]]>Local file exposure in linux kernels (CVE-2026-46333):

Link Preview Image
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.

Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn

favicon

GitHub (github.com)

Apparently this issue was already identified in 2020 but wasn't fixed back then.

Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the migiration persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.conf

WARNING: This migation may break existing functionality. Test before deploying.

WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.

]]>https://board.circlewithadot.net/topic/f189da7d-1fb7-4a6b-91f2-77199f1a678f/local-file-exposure-vulnerability-in-linux-kernels-cve-2026-46333RSS for NodeMon, 25 May 2026 15:41:45 GMTFri, 15 May 2026 08:27:06 GMT60<![CDATA[Reply to Local file exposure #vulnerability in linux kernels (CVE-2026-46333): on Fri, 15 May 2026 19:19:51 GMT]]>@harrysintonen That must have dropped in the last four hours or so. Thanks! Updating now.

]]>https://board.circlewithadot.net/post/https://fosstodon.org/users/knasman/statuses/116580207237335253https://board.circlewithadot.net/post/https://fosstodon.org/users/knasman/statuses/116580207237335253Fri, 15 May 2026 19:19:51 GMT<![CDATA[Reply to Local file exposure #vulnerability in linux kernels (CVE-2026-46333): on Fri, 15 May 2026 18:57:54 GMT]]> has released kernel update that fixes this vulnerability.

Debian stable (trixie) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00185.html

Debian oldstable (bookworm) kernel update: https://lists.debian.org/debian-security-announce/2026/msg00186.html

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116580120971058461https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116580120971058461Fri, 15 May 2026 18:57:54 GMT<![CDATA[Reply to Local file exposure #vulnerability in linux kernels (CVE-2026-46333): on Fri, 15 May 2026 08:29:42 GMT]]>kernel.yama.ptrace_scope = 2: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116577650780691530https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116577650780691530Fri, 15 May 2026 08:29:42 GMT