ssh-keysign-pwn Update:
https://sketchesfromahomelab.com/articles/2026/05/25/ssh-keysign-pwn/
#RHEL has released kernel updates that fix ssh-keysign-pwn. More info at https://access.redhat.com/security/cve/cve-2026-46333
#cve #cve_2026_46333 #linux #local_privilege_escalation #security #ssh_keysign_pwn
UPDATE - I've updated my entry on the status of Ubuntu and CVE-2026-46333. The official Ubuntu security bulletin presents conflicting information, which also conflicts with Canonical's own Luci Stanescu about the subject.
My recommendation: set `kernel.yama.ptrace_scope` to at least 2 anyway unless you *need* unprivileged users to have ptrace access. Better to be safe than sorry.
CVE-2026-46333 ssh-keysign-pwn - links to analysis, mitigations, and fixes:
https://sketchesfromahomelab.com/articles/2026/05/25/ssh-keysign-pwn/
Linux Kernel 7.0.8 is released with patches to fix the ssh-keysign-pwn (CVE-2026-46333) root exploit flaw. Update your Linux system today.
More details here: https://ostechnix.com/linux-kernel-7-0-8-ssh-keysign-pwn-root-exploit-fix/
#Linux #Kernel708 #ssh_keysign_pwn #CVE_2026_46333 #Rootexploit #Security #Kernelpatch
Local file exposure #vulnerability in linux kernels (CVE-2026-46333):
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
Apparently this issue was already identified in 2020 but wasn't fixed back then.
Mitigation:
- runtime:
sudo sysctl -w kernel.yama.ptrace_scope=2
- To make the mitigation persistent:
echo "kernel.yama.ptrace_scope=2" | sudo tee /etc/sysctl.d/01-harden-ptrace.conf
WARNING: This mitigation may break existing functionality. Test before deploying.
WARNING 2: While this mitigation does block the currently existing PoC, it may not prevent other attack vectors exploiting this vulnerability.
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
[aj]
OSTechNix
Harry Sintonen