EVERYONE GETS AN LPE

Windows:
#BlueHammer (#CVE_2026_33825)
#RedSun (#CVE_2026_41091)
#UnDefend (#CVE_2026_45498)
#WindowsInstaller (#CVE_2026_27910)

Linux:
#CopyFail (#CVE_2026_31431)
#SSHKeysignPwn (#CVE_2026_46333)

FreeBSD:
#FatGid (#CVE_2026_45250)
#ExecveBug (#CVE_2026_7270)

#Ubuntu still doesn't have a patch or even a security notice for #sshkeysignpwn ...

How is this? Everyone else has been patched for days!

#Debian had a fix Friday morning... #DomumSocial is running on Debian, but in my day job I'm stuck with Ubuntu.

If you're also stuck with Ubuntu there is a mitigation:

`sudo sysctl -w kernel.yama.ptrace_scope=3`

I've tested this against the known exploit code at https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn

This will disable the vulnerable ptrace call until the next reboot.

Seeking confirmation of my theory I was able to find:
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

You can also set "yama.ptrace_scope" to "2", which will only allow root to use ptrace (and will also allow resetting it w/o reboot). The link above has more explanations and directions for setting it persistently across reboot for now.

This will break `strace` and `gdb`!

#Linux #sysadmin #security

GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.


Without a new Linux root vulnerability that makes the data center shut down half the servers, it just isn't a proper weekend anymore these days.

#sshkeysignpwn

We decided to apply (on Debian 7 through 13) the patch that sets the sysctl "kernel.yama.ptrace_scope=2", using Ansible with this task: https://paste.evolix.org/?76d737e7693e2fd2#DQW289rJrW9dSggs6K92J7Jmm4u5j13G9ycEsAKrrsJm #sshkeysignpwn #linux #debian #cybersecurity

That was without counting on a new flaw in the Linux kernel 😥 #sshkeysignpwn

"Logic bug in the Linux kernel's __ptrace_may_access() function"
👇
https://www.openwall.com/lists/oss-security/2026/05/15/2

#CyberVeille #sshkeysignpwn


Newest Linux kernel vulnerability mitigation:
```
# echo 2 > /proc/sys/kernel/yama/ptrace_scope
# echo 'kernel.yama.ptrace_scope=2' > /etc/sysctl.d/ssh-keysign-pwn.conf
```

On all deb systems you can install linux-vulnerability-mitigation from https://people.debian.org/~daniel/linux-vulnerability-mitigation/

Source: https://forgejo.debian.net/linux/linux-vulnerability-mitigation/src/branch/main/mitigations

#Linux #debian #Ubuntu #kernel #security #mitigation #sshkeysignpwn
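
To check whether the `kernel.yama.ptrace_scope` mitigation from the posts above is active now and will still be applied after a reboot, here is an added example; it is not code from any of the posts or linked projects. The function names and the simplified drop-in precedence are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the posts): audit the Yama ptrace_scope mitigation.

# Runtime value (0-3), or "absent" when the Yama sysctl file is not readable.
runtime_scope() {
    f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# Value the sysctl drop-ins would apply at boot, or "unset".
# Assumption/simplification: only the directories passed as arguments are
# read, in the order given, *.conf files in glob (lexical) order, and the
# last assignment wins. /etc/sysctl.conf and same-name overrides between
# directories are not modelled.
persistent_scope() {
    val=unset
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -r "$f" ] || continue
            # Commented-out lines do not match; an optional leading "-" does.
            v=$(sed -n 's/^[[:space:]]*-\{0,1\}kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then val=$v; fi
        done
    done
    echo "$val"
}

# 2 = attach needs CAP_SYS_PTRACE, 3 = no attach at all. These are the two
# values the posts use as mitigation; 0 and 1 are not.
assess() {
    case "$1" in
        2|3) live=mitigation-on ;;
        0|1) live=mitigation-off ;;
        *)   live=unknown ;;
    esac
    case "$2" in
        2|3) echo "$live persistent" ;;
        *)   echo "$live not-persistent" ;;
    esac
}

# Report for the local host.
assess "$(runtime_scope)" "$(persistent_scope /usr/lib/sysctl.d /run/sysctl.d /etc/sysctl.d)"
```

A result of `mitigation-on not-persistent` means the value was set with `sysctl -w` or `echo` only and will be lost at the next reboot.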


Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users

Following Dirty Frag, Fragnesia, and other Linux kernel vulnerabilities making themselves known in recent days, the latest now is ssh-keysign-pwn.

⚠️ 🤪 🔥  
New Linux kernel vuln today: ssh-keysign-pwn 🔑

Not an LPE this time, but reading of root-owned files as an unprivileged user:
• SSH host private keys (ecdsa/ed25519/rsa)
• /etc/shadow → offline cracking

The bug: ptrace_may_access() skips the dumpable check when mm=NULL. Race window between exit_mm() and exit_files(). Flagged by Jann Horn in 2020... fixed in 2026. 6 years.

Confirmed on: Debian 13, Ubuntu 22/24/26, Arch, CentOS, RPi OS. No specific CONFIG prerequisite, so this would seem to be much more universal than Fragnesia.

Patch merged into mainline by Linus today (31e62c2ebbfd), not yet in the stable kernels.
No CVE assigned at this stage.
👇
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn

"Six-Year-Old Linux Kernel Flaw Lets Unprivileged Users Read Root-Owned Files"
⬇️
https://9to5linux.com/six-year-old-linux-kernel-flaw-lets-unprivileged-users-read-root-owned-files

#cyberVeille #Linux #sshkeysignpwn
