CVE-2026-46333

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.8 Linux kernel versions prior to 6.18.31 Linux kernel versions prior to 6.12.89 Linux kernel versions prior to 6.6.139 Linux kernel versions prior to 6.1.173 Linux kernel versions prior to 5.15.207 Linux kernel versions prior to 5.10.256

Description An improper privilege management issue exists in the Linux kernel ptrace path, specifically within the get dumpable() and ptrace may access() functions. The flaw stems from the logic used to determine the dumpability of a task; the system incorrectly handled cases where a task lacked an associated memory management (mm) pointer, such as kernel threads. This allows an unprivileged local user to bypass traditional capability models and potentially steal privileged file descriptors during process shutdown via a race condition. Successful exploitation can lead to local root privilege escalation and the disclosure of sensitive information, including SSH host private keys and password hashes from /etc/shadow. Exploitation may target binaries such as chage, ssh-keysign, pkexec, and accounts-daemon, and requires the Reliable Datagram Sockets (RDS) module to be loaded, io ring to be enabled, a readable SUID-root binary, and x86 64 support.

Recommendations Update the kernel to version 7.0.8 or newer. Update the kernel to version 6.18.31 or newer. Update the kernel to version 6.12.89 or newer. Update the kernel to version 6.6.139 or newer. Update the kernel to version 6.1.173 or newer. Update the kernel to version 5.15.207 or newer. Update the kernel to version 5.10.256 or newer. As a temporary mitigation, set sysctl kernel.yama.ptrace scope=2.