ssh-keysign-pwn Update:
https://sketchesfromahomelab.com/articles/2026/05/25/ssh-keysign-pwn/
#RHEL has released kernel updates that fix ssh-keysign-pwn. More info at https://access.redhat.com/security/cve/cve-2026-46333
#cve #cve_2026_46333 #linux #local_privilege_escalation #security #ssh_keysign_pwn
UPDATE - I've updated my entry on the status of Ubuntu and CVE-2026-46333. The official Ubuntu security bulletin presents conflicting information, which also conflicts with Canonical's own Luci Stanescu about the subject.
My recommendation: set `kernel.yama.ptrace_scope` to at least 2 anyway unless you *need* unprivileged users to have ptrace access. Better to be safe than sorry.
CVE-2026-46333 ssh-keysign-pwn - links to analysis, mitigations, and fixes:
https://sketchesfromahomelab.com/articles/2026/05/25/ssh-keysign-pwn/
Linux Kernel 7.0.8 is released with patches to fix the ssh-keysign-pwn (CVE-2026-46333) root exploit flaw. Update your Linux system today.
More details here: https://ostechnix.com/linux-kernel-7-0-8-ssh-keysign-pwn-root-exploit-fix/
#Linux #Kernel708 #ssh_keysign_pwn #CVE_2026_46333 #Rootexploit #Security #Kernelpatch
[aj]
OSTechNix