CVE-2026-46333: Linux kernel flaw turns foothold into root
On May 20, Qualys disclosed CVE-2026-46333, a logic flaw in the Linux kernel that has been sitting in mainline code since November 2016. The bug lives in __ptrace_may_access(). It lets an unprivileged local user read /etc/shadow, steal SSH host private keys, or execute commands as root. Public exploits already work against default installs of Debian 13, Ubuntu 24.04, Ubuntu 26.04, Fedora 43, and Fedora 44. Patches are out.
What CVE-2026-46333 actually is
The flaw is a logic error in the kernel function that decides whether one process may attach to another using ptrace, the interface that debuggers such as gdb and strace rely on. It is not a memory corruption bug, not a classic race condition, and not remotely exploitable.
Here is the precise mechanism.
When a privileged process (a set-uid-root binary such as ssh-keysign or chage) shuts down, its memory descriptor is detached before its file descriptor table is closed. During that window, the kernel's access check skips a safeguard called the dumpable flag, because the check looks for the memory descriptor and finds it already NULL. An unprivileged local user exploits the window using pidfd_getfd(), a syscall added in Linux 5.6 (January 2020), to copy file descriptors out of the exiting privileged process. Those descriptors now belong to the attacker, but they still point at whatever resources the privileged process had open. That includes /etc/shadow, SSH host private keys, and authenticated D-Bus connections to systemd.
Qualys built four working exploits against default installs of Debian 13, Ubuntu 24.04, Ubuntu 26.04, Fedora 43, and Fedora 44:
- chage — discloses /etc/shadow
- ssh-keysign — discloses SSH host private keys
- pkexec — executes arbitrary commands as root
- accounts-daemon — executes arbitrary commands as root
Two of these escalate to root directly. The other two disclose secrets that lead to the same outcome through a different path. Stolen SSH host keys let an attacker impersonate the server. Stolen /etc/shadow hashes feed offline cracking. Stolen D-Bus channels can be replayed to command systemd.
The vulnerable code has shipped in mainline Linux since v4.10-rc1 in November 2016. That is roughly nine years of enterprise fleets, cloud images, and container hosts inheriting the flaw.
Why “local-only” underestimates the risk
The boundary between “unprivileged local user” and “host fully compromised” has been eroding for years. CVE-2026-46333 collapses it entirely. The unprivileged local shells that feed this exploit come from places security teams already know about:
- A phished developer with SSH access to a jump host
- A constrained CI/CD runner executing untrusted pull requests
- A low-privilege service account on a multi-tenant application server
- A web shell dropped via an unpatched application vulnerability
- A shared hosting environment where tenants are isolated by user account
Every one of those is an exposure problem before it is a kernel problem. CVE-2026-46333 is the second stage of a kill chain. The first stage is something your external attack surface already exposes — or already leaked.
The initial-access problem we see every day
The conversation here usually skips ahead to patching. We want to slow it down.
- Exposed SSH services on infrastructure the owner has forgotten — staging environments, decommissioned hosts still running, shadow IT spun up by individual teams
- Forgotten Linux servers that have drifted out of the patch management program, often discovered only when something on them breaks
- Development and CI/CD endpoints exposed to the internet without IP restrictions
- Container registries and Kubernetes API endpoints reachable without authentication or behind weak credentials
Credential Intelligence adds the other half of the picture. Compromised credentials surfacing on underground forums routinely include SSH passwords, sudo passwords, and personal access tokens. These grant exactly the kind of unprivileged local shell CVE-2026-46333 needs.
Combine exposed Linux infrastructure with compromised credentials and the “local-only” caveat stops being reassuring. It becomes a description of how the attack will actually unfold.
We are not claiming to have observed active exploitation of CVE-2026-46333 in our telemetry. The vulnerability is days old. What we observe continuously and at scale is the initial-access conditions that make this CVE matter.
What to do this week
Here is a quick checklist, starting with the obvious.
Patch the kernel. Debian, Ubuntu, Red Hat, SUSE, Fedora, AlmaLinux, and CloudLinux have shipped updates. Prioritize multi-tenant systems, shared developer infrastructure, CI/CD runners, and any host where unprivileged users have shell access. These are the systems where the gap between “compromised user” and “compromised host” matters most.
Apply the interim mitigation where patching has to wait. Set kernel.yama.ptrace_scope = 2. This requires CAP_SYS_PTRACE for ptrace attachment and blocks the public exploits at the pidfd_getfd() access check. The setting is reversible only by reboot, and it will break some workflows — gdb -p against processes the user did not launch, certain browser crash-reporter sandboxes, some container debug tooling, CRIU. Test in a representative environment first.
Rotate credentials the vulnerable kernel could have exposed. On any host that allowed untrusted local users during the exposure window, treat SSH host private keys, locally cached credentials, and material that lived in set-uid process memory as potentially disclosed. Rotate the SSH host keys. Review what administrative material may have been exposed.
Map your external Linux footprint. Which hosts are reachable from the internet, which run unpatched kernels, and which expose interactive access (SSH, admin web shells, CI runner control planes). This work pays off across every future kernel CVE, not just this one.
Check whether credentials granting access to those hosts have leaked. A patched kernel does not stop an attacker who is already logged in as a legitimate user. Credential exposure on underground sources is a leading indicator of foothold risk.
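A small audit script for the patch and interim-mitigation steps above, added here as an example and not part of the original article or Qualys's advisory. It reports whether a host still has both conditions the public exploits rely on (a kernel with pidfd_getfd(), i.e. 5.6 or later, and kernel.yama.ptrace_scope below 2); the verdict labels, the version-comparison logic and the sysctl.d file name are this example's own choices.

```sh
#!/bin/sh
# Added audit helper (not from Qualys or the advisory): reports whether a host
# still has both conditions the public CVE-2026-46333 exploits rely on, per the
# article: a kernel that offers pidfd_getfd() (5.6+) and ptrace_scope below 2.

# major_of / minor_of pull the leading numeric fields out of a kernel release
# string such as "6.8.0-45-generic" (-> 6 and 8); a missing minor counts as 0.
major_of() { printf '%s\n' "${1%%.*}"; }
minor_of() {
    case $1 in
        *.*) m=${1#*.}; m=${m%%.*}; m=${m%%[!0-9]*}; printf '%s\n' "${m:-0}" ;;
        *)   printf '0\n' ;;
    esac
}

# version_ge A B -> success when release A is at least B on (major, minor)
version_ge() {
    a_maj=$(major_of "$1"); a_min=$(minor_of "$1")
    b_maj=$(major_of "$2"); b_min=$(minor_of "$2")
    if [ "$a_maj" -gt "$b_maj" ]; then return 0; fi
    if [ "$a_maj" -eq "$b_maj" ] && [ "$a_min" -ge "$b_min" ]; then return 0; fi
    return 1
}

# exposure_verdict RELEASE PTRACE_SCOPE -> prints one word:
#   mitigated  scope >= 2: attach needs CAP_SYS_PTRACE, public exploits blocked
#   no-pidfd   kernel predates pidfd_getfd(); still vulnerable, so patch anyway
#   exposed    both conditions present: patch, or set ptrace_scope=2 meanwhile
exposure_verdict() {
    if [ "$2" -ge 2 ]; then printf 'mitigated\n'; return 0; fi
    if ! version_ge "$1" 5.6; then printf 'no-pidfd\n'; return 0; fi
    printf 'exposed\n'
}

# current_scope reads Yama's live setting; no Yama LSM means no restriction (0)
current_scope() {
    f=/proc/sys/kernel/yama/ptrace_scope
    if [ -r "$f" ]; then cat "$f"; else printf '0\n'; fi
}

# audit_host prints the verdict for the running kernel
audit_host() { exposure_verdict "$(uname -r 2>/dev/null || echo 0)" "$(current_scope)"; }

# apply_mitigation applies the article's interim workaround live and across
# reboots (run as root; the sysctl.d file name is this example's own choice)
apply_mitigation() {
    sysctl -w kernel.yama.ptrace_scope=2
    printf 'kernel.yama.ptrace_scope = 2\n' > /etc/sysctl.d/99-cve-2026-46333.conf
}
audit_host   # print the verdict for this machine
```

Run it as an unprivileged user to get the verdict; call `apply_mitigation` as root only after testing the ptrace_scope=2 workflow breakage noted above in a representative environment.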
The pattern behind the patch
CVE-2026-46333 is the fourth Linux kernel privilege-escalation issue disclosed in three weeks, following Copy Fail (April 29), Dirty Frag (May 7), and Fragnesia (May 13). Each one triggered the same cycle: disclosure, patch scramble, return to business as usual.
