AI description
CVE-2026-46333, publicly known as "ssh-keysign-pwn," is a local information disclosure vulnerability found in the Linux kernel. The flaw resides within the `__ptrace_may_access()` function, which is part of the kernel's `ptrace` access-check logic. This vulnerability arises during the process exit sequence of privileged programs. Specifically, a brief window exists where the kernel releases a process's memory before closing its file descriptors. An unprivileged local user can exploit this timing window to intercept and read sensitive files that were opened by the privileged process, such as SSH host private keys or the contents of `/etc/shadow`.
- Description
- In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2020-17103 2 - CVE-2026-8507 3 - CVE-2026-3854 4 - CVE-2026-46333 5 - CVE-2025-54957 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 May 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI Discovers CVE-2026-46333 Linux Kernel Vulnerability #devopsish https://t.co/8ElwqTsKFi https://t.co/itQsFI8TS9
@ChrisShort
19 May 2026
148 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Linux kernel ptrace exit race ("ssh-keysign-pwn") CVE: CVE-2026-46333 PT ID: PT-2026-41298 Vendor: Linux Product: Linux CVSS: n/a Credits: n/a Description: A local privilege escalation flaw in the Linux kernel caused by a race condition in the ptrace access check during process
@ptdbugs
18 May 2026
224 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-41089 2 - CVE-2023-38606 3 - CVE-2020-17103 4 - CVE-2026-46333 5 - CVE-2026-20182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 May 2026
159 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Linux Kernel ptrace Exit-race / ssh-keysign-pwn Vulnerability (CVE-2026-46333) https://t.co/uDfkrTWygo #patchmanagement
@eyalestrin
17 May 2026
127 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-42945 2 - CVE-2026-46333 3 - CVE-2020-17103 4 - CVE-2026-41089 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
またLinux kernelの脆弱性ですか。CVE-2026-46333 ssh-keysign-pwn https://t.co/tRPsEh33tU
@ssa_noarch
17 May 2026
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVD - CVE-2026-46333 ["ssh-keysign-pwn"] Direct: https://t.co/P915QjZ8fJ https://t.co/rkf0YJZLZP
@NewMaxxSSD
16 May 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ช่องโหว่ใหม่ linux มาอีกแล้ววววว cve-2026-46333 เปิดช่องให้ local process อ่านไฟล์อะไรก็ได้ในเครื่อง... ไม่แย่เท่าช่องโหว
@icez
16 May 2026
302 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
ssh-keysign-pwn (CVE-2026-46333): Kernel ptrace Race Leaks Root Secrets https://t.co/FdEHVYAi6U
@jedisct1
16 May 2026
1224 Impressions
1 Retweet
9 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2026-46333 analyse de ssh-keysign-pwn : https://t.co/qQZzrO7kpD
@cloudappai
16 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Neue Linux Kernel Schwachstelle ssh-keysign-pwn (CVE-2026-46333) https://t.co/N3CYLtTlbV
@etguenni
16 May 2026
253 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
[긴급] 리눅스 커널, ptrace ssh-keysign-pwn 레이스컨디션 취약점(CVE-2026-46333) (출처 : Virus My.. | 블로그) https://t.co/n5sbirlp2p
@virusmyths
16 May 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes