Privilege escalation vulnerability in Linux kernel __ptrace_may_access() disclosed after nine years
Summary
A nine-year-old privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-46333 (CVSS 5.5), has been publicly disclosed. The flaw stems from improper privilege management in the kernel’s __ptrace_may_access() function, enabling unprivileged local users to execute arbitrary commands as root or disclose sensitive files such as /etc/shadow and SSH host keys on default installations of major distributions including Debian, Fedora, and Ubuntu. Exploitation can occur through four distinct attack vectors targeting chage, ssh-keysign, pkexec, and accounts-daemon, providing reliable local root access. A proof-of-concept exploit has been released alongside kernel fixes, and workarounds include raising kernel.yama.ptrace_scope to 2.
Timeline
- 21.05.2026 10:35 · 1 article
CVE-2026-46333 Linux kernel privilege escalation vulnerability disclosed with PoC available
CVE-2026-46333, a nine-year-old Linux kernel vulnerability in __ptrace_may_access(), was disclosed with a CVSS score of 5.5. The flaw enables local unprivileged users to execute arbitrary commands as root or disclose sensitive files including /etc/shadow and SSH host keys on default installations of Debian, Fedora, and Ubuntu. A public PoC exploit was released shortly after kernel patches, with four exploitation vectors identified. Temporary mitigation via kernel.yama.ptrace_scope=2 is recommended until kernel updates can be applied.
Sources:
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros — thehackernews.com — 21.05.2026 10:35
Information Snippets
- CVE-2026-46333 affects the Linux kernel’s __ptrace_may_access() function, introduced in November 2016.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- The vulnerability allows local unprivileged attackers to execute arbitrary commands as root or disclose sensitive files including /etc/shadow and SSH host private keys on affected distributions.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- Successful exploitation requires only local access; no authentication bypass or network exposure is necessary.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- Four distinct attack vectors have been identified: chage, ssh-keysign, pkexec, and accounts-daemon.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- A proof-of-concept (PoC) exploit for CVE-2026-46333 was publicly released following the kernel commit addressing the issue.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- The flaw has been assigned a CVSS score of 5.5, indicating moderate severity.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- Qualys researchers described the primitive as reliable, enabling any local shell to escalate privileges to root or access sensitive credentials.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- Temporary mitigation includes raising kernel.yama.ptrace_scope to 2, though kernel updates are recommended for full remediation.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- Administrators are advised to rotate SSH host keys and review cached credentials on systems where untrusted local users were permitted during the exposure window.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
- CVE-2026-46333 follows recent high-profile Linux kernel vulnerabilities including Copy Fail, Dirty Frag, and Fragnesia disclosed in the prior month.
  First reported: 21.05.2026 10:35 · 1 source, 1 article
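
One way to verify the kernel.yama.ptrace_scope workaround described above, as an added example that is not taken from the source article or the kernel project: it checks both the running value and whether the setting is persisted in sysctl configuration. The function names and the file order in the usage comment are assumptions of this example; the order only approximates how `sysctl --system` applies files.

```shell
#!/bin/sh
# Added example: audit the kernel.yama.ptrace_scope workaround.
# Yama levels: 0 classic ptrace, 1 descendants only,
# 2 admin-only (CAP_SYS_PTRACE), 3 no attach at all.

# Print the last kernel.yama.ptrace_scope value assigned in the given
# sysctl config files (read in the order given); print nothing if unset.
# Commented-out lines are ignored because the match is anchored.
persisted_scope() {
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel[./]yama[./]ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s' "$val"
}

# Classify a (runtime, persisted) pair.
# Returns 0: workaround active and persistent; 1: not active now;
# 2: active now but lost on reboot.
scope_verdict() {
    runtime=$1
    persisted=$2
    case "$runtime" in
        2|3) ;;
        *) echo "EXPOSED: runtime ptrace_scope=${runtime:-unset}, need 2 or higher"
           return 1 ;;
    esac
    case "$persisted" in
        2|3) echo "OK: runtime=$runtime persisted=$persisted"
             return 0 ;;
        *) echo "NOT PERSISTENT: runtime=$runtime persisted=${persisted:-unset}"
           return 2 ;;
    esac
}

# audit_ptrace_scope PROC_FILE CONFIG_FILE...
audit_ptrace_scope() {
    proc_file=$1
    shift
    current=""
    if [ -r "$proc_file" ]; then current=$(cat "$proc_file"); fi
    scope_verdict "$current" "$(persisted_scope "$@")"
}

# Typical invocation on a live host (file order is an approximation):
# audit_ptrace_scope /proc/sys/kernel/yama/ptrace_scope \
#     /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A nonzero return after the workaround has been applied means either the runtime value was never raised or it is set only in memory and will revert at the next boot; the kernel update remains the full fix.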