A logic error buried in the Linux kernel’s process-tracing code has given unprivileged users a path to root privileges and secret data on servers running default configurations across major distributions. Researchers at Qualys uncovered the issue, tracked as CVE-2026-46333, and detailed how a narrow race during process exit bypasses safeguards meant to protect sensitive file descriptors.
The bug has persisted since November 2016. It first appeared in kernel version 4.10-rc1. That nine-year window means countless production systems carried the vulnerability without anyone noticing until now. Working exploits already circulate online. Administrators face immediate pressure to patch.
At its core the flaw sits inside __ptrace_may_access(), the function that decides whether one process may inspect or manipulate another. When a task exits, the kernel detaches its memory descriptor (exit_mm) before it closes its open files (exit_files). During that sliver of time the task's mm pointer is NULL, and because the dumpable test is guarded by a check that mm is non-NULL, the test is skipped rather than failed. The code still proceeds to security_ptrace_access_check, and on systems running the default Yama LSM setting of kernel.yama.ptrace_scope=1 that hook grants access when the caller is an ancestor of the target, which it is whenever the attacker spawned the SUID child itself. Simple. Dangerous.
Qualys researchers demonstrated multiple attack paths. One targets ssh-keysign, the setuid helper that reads OpenSSH host private keys during authentication. Another hits chage, which opens /etc/shadow. A third abuses pkexec or accounts-daemon to run arbitrary commands as root. The Qualys advisory walks through each with clear reproduction steps on Debian 13, Ubuntu 24.04, and recent Fedora releases.
CloudLinux saw the same pattern. Their analysis pinpointed the race inside do_exit. Between memory detachment and file table cleanup, an attacker calls pidfd_getfd, the interface added in Linux 5.6. The call duplicates descriptors still held by the dying privileged process. No special configuration required. Public proof-of-concept code on GitHub confirms it works against SSH host keys and the shadow database. CloudLinux’s blog post outlines the exact sequence and notes that older kernels without pidfd_getfd remain vulnerable to adapted attacks using ptrace_attach.
Red Hat classified the issue as Important. Their advisory describes how the permission enforcement fails during process teardown. A low-privileged local user ends up able to copy open file descriptors from privileged processes that briefly retain root-owned files or authenticated connections such as D-Bus. The window is short. Success depends on precise timing, yet the exploits succeed reliably on default installs. Red Hat’s security bulletin lists affected releases including RHEL 8, 9, and 10 along with dependent products such as OpenShift.
Ubuntu published guidance under the nickname ssh-keysign-pwn. They rate it High priority despite a CVSS base score of 5.5. The blog stresses that the race lets unprivileged callers inspect SUID or SGID processes via ptrace during exit, exposing hashed passwords and host private keys. Fixes rolled out through kernel updates based on mainline commit 36d49bba. Until those arrive, Ubuntu recommends tightening the Yama scope. Ubuntu's blog provides the exact sysctl commands to set kernel.yama.ptrace_scope=2, which restricts ptrace attach to processes holding CAP_SYS_PTRACE; unprivileged debuggers stop working at that level, and the value has to be persisted under /etc/sysctl.d/ as well, or it is lost at the next reboot.
The upstream kernel patch takes a cleaner approach. It adjusts get_dumpable logic so the check makes sense even without an associated mm structure. The change caches the last known dumpability value for threads that once had memory descriptors and requires CAP_SYS_PTRACE for overrides in kernel-thread cases. Linus Torvalds’ tree accepted the fix quickly. Stable backports appeared in multiple branches.
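To make the gate described in the two paragraphs above concrete, here is an added user-space model of the check (example code written for this page, not the kernel's code and not the upstream patch). The pre-fix shape skips the dumpable test whenever mm is NULL, while a fixed shape of the kind the patch describes consults a cached value instead and demands CAP_SYS_PTRACE for a task that never owned an mm. The credential comparison, the capability check and the Yama rule are reduced to booleans, and every struct, field and function name is an assumption made for illustration. The scenario functions model an unprivileged parent whose credentials match the target's, the situation the credential comparison would otherwise reject, as for a SUID helper that has dropped to the caller's uid while still holding descriptors it opened as root.

```c
/* Added example (not kernel code): a user-space model of the dumpable gate in
 * __ptrace_may_access(), in its pre-fix shape and in a fixed shape of the kind
 * the upstream patch describes. Names and fields are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum { SUID_DUMP_DISABLE = 0, SUID_DUMP_USER = 1, SUID_DUMP_ROOT = 2 };

struct mm_model { int dumpable; };

struct task_model {
    struct mm_model mm_storage;
    struct mm_model *mm;   /* &mm_storage while live, NULL once exit_mm() has run */
    bool had_mm;           /* false for kernel threads, which never own an mm */
    int last_dumpable;     /* fix: dumpability remembered before the mm is dropped */
};

struct tracer_model {
    bool creds_match;      /* caller uid/gid equal the target's uid, euid, suid, ... */
    bool cap_sys_ptrace;   /* ptrace_has_cap() in the target's user namespace */
    bool is_ancestor;      /* Yama ptrace_scope=1: caller is an ancestor of the target */
};

static void init_task(struct task_model *t, bool live, bool had_mm, int dumpable)
{
    t->mm_storage.dumpable = dumpable;
    t->mm = live ? &t->mm_storage : NULL;
    t->had_mm = had_mm;
    t->last_dumpable = had_mm ? dumpable : SUID_DUMP_DISABLE;
}

/* Shared by both versions: the credential comparison that opens the function
 * and the LSM hook (here: Yama at ptrace_scope=1) that closes it. */
static int cred_gate(const struct tracer_model *tr)
{
    return (tr->creds_match || tr->cap_sys_ptrace) ? 0 : -EPERM;
}

static int yama_gate(const struct tracer_model *tr)
{
    return (tr->is_ancestor || tr->cap_sys_ptrace) ? 0 : -EPERM;
}

/* Pre-fix shape: the dumpable test is guarded by "mm is non-NULL", so a task
 * whose mm was already detached skips the test instead of failing it. */
int may_access_vulnerable(const struct tracer_model *tr, const struct task_model *t)
{
    if (cred_gate(tr))
        return -EPERM;
    if (t->mm && t->mm->dumpable != SUID_DUMP_USER && !tr->cap_sys_ptrace)
        return -EPERM;
    return yama_gate(tr);
}

/* Fixed shape: fall back to the cached value when the mm is gone, and treat a
 * task that never had an mm as non-dumpable so it needs CAP_SYS_PTRACE. */
int may_access_fixed(const struct tracer_model *tr, const struct task_model *t)
{
    int dumpable;
    if (cred_gate(tr))
        return -EPERM;
    if (t->mm)
        dumpable = t->mm->dumpable;
    else if (t->had_mm)
        dumpable = t->last_dumpable;
    else
        dumpable = SUID_DUMP_DISABLE;
    if (dumpable != SUID_DUMP_USER && !tr->cap_sys_ptrace)
        return -EPERM;
    return yama_gate(tr);
}

/* One scenario per call: an unprivileged parent (ancestor, credentials match)
 * evaluated against either version of the check. */
static int run(bool fixed, bool live, bool had_mm, int dumpable, bool cap)
{
    struct task_model t;
    struct tracer_model tr = { .creds_match = true, .cap_sys_ptrace = cap, .is_ancestor = true };
    init_task(&t, live, had_mm, dumpable);
    return fixed ? may_access_fixed(&tr, &t) : may_access_vulnerable(&tr, &t);
}

/* SUID helper that dropped to the caller's uid but is still non-dumpable. */
int live_suid_child(bool fixed)     { return run(fixed, true,  true,  SUID_DUMP_DISABLE, false); }
/* The same helper between exit_mm() and exit_files(): the race window. */
int exiting_suid_child(bool fixed)  { return run(fixed, false, true,  SUID_DUMP_DISABLE, false); }
/* An ordinary (dumpable) child at the same point: allowed either way. */
int exiting_plain_child(bool fixed) { return run(fixed, false, true,  SUID_DUMP_USER,    false); }
/* A task that never had an mm: the fixed check insists on CAP_SYS_PTRACE. */
int kernel_thread(bool fixed, bool cap) { return run(fixed, false, false, SUID_DUMP_DISABLE, cap); }

int main(void)
{
    printf("live SUID child     vulnerable=%d fixed=%d\n", live_suid_child(false), live_suid_child(true));
    printf("exiting SUID child  vulnerable=%d fixed=%d\n", exiting_suid_child(false), exiting_suid_child(true));
    printf("exiting plain child vulnerable=%d fixed=%d\n", exiting_plain_child(false), exiting_plain_child(true));
    printf("kernel thread       fixed(no cap)=%d fixed(cap)=%d\n", kernel_thread(true, false), kernel_thread(true, true));
    return 0;
}
```

The only row where the two versions disagree is the exiting SUID child: the pre-fix gate returns 0 (access granted) because the dumpable test never runs, while the fixed gate still sees SUID_DUMP_DISABLE through the cached value and returns -EPERM. A live SUID child is refused by both, which is why the bug needed the exit-time race rather than a straightforward attach.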
Yet patching every fleet takes time. Many organizations run containers, virtual machines, or embedded systems where kernel updates carry risk. Temporary defenses exist. Setting kernel.yama.ptrace_scope to 2 or 3 via sysctl limits the attack surface; note that 3 disables ptrace attach outright and cannot be lowered again without a reboot. Some vendors offer their own toggles. CloudLinux provides kernel.user_ptrace=0, a host-wide block that stops unprivileged ptrace entirely. Removing the setuid bit from known vulnerable helpers like ssh-keysign and chage buys breathing room, at the cost of whatever those helpers do for unprivileged users, though administrators must audit other SUID binaries that open privileged files and may exit while still holding them.
Security teams already debate the broader implications. Local access often gets dismissed as low threat. This case challenges that view. An attacker who reaches a non-root shell through a web application flaw or compromised service account can now extract credentials that open doors elsewhere. SSH host keys enable server impersonation. Shadow file contents fuel offline password cracking. Arbitrary root execution hands over the entire machine.
Distributions responded with speed. Debian, Fedora, SUSE, AlmaLinux, and Amazon Linux all issued updates or pending-fix notices within days of disclosure. The National Vulnerability Database published the CVE on May 15, 2026, citing the oss-security mailing list thread. NVD links point to the kernel commits that close the gap.
Still, the episode reveals how subtle logic oversights survive for years. The dumpable flag concept originated with core-dump protection. Over time developers reused it for credential checks in ptrace paths. The mm==NULL case slipped through because most callers assume a live memory descriptor. One small reordering of exit steps exposed the assumption.
Enterprise operators should verify their kernels today. Run uname -r, then compare the result against the vendor advisory rather than the mainline version number: distribution kernels backport fixes without bumping the upstream version string, so the upstream commit hash or the vendor backport appearing in the package changelog is the real signal. If unpatched, apply the sysctl workaround immediately and schedule maintenance windows for the kernel update. Monitor for public exploit variants that might target additional SUID binaries.
The discovery also renews focus on attack-surface reduction. Features like pidfd_getfd improve debugging and container management. They also hand attackers elegant primitives when paired with races. Hardening efforts around Yama, Landlock, and seccomp continue to evolve, yet each new interface demands fresh scrutiny of exit paths and permission checks.
Qualys emphasized a blunt message. Local does not mean low priority. The history of high-impact local privilege escalations in Linux bears that out. From Dirty COW to recent XFRM bugs, attackers chain these flaws with initial footholds to own infrastructure. This one fits the pattern. The difference lies in its longevity and the ease of exploitation on everyday servers.
Patches exist. Awareness spreads. The window for mass exploitation narrows by the hour. Yet the underlying lesson remains. Kernel code that seems peripheral can hold the keys to the kingdom. Teams that treat every local flaw as urgent will stay ahead. Those that wait may find their secrets already copied and their root shells already active.
Linux Kernel Flaw CVE-2026-46333 Exposes Systems to Local Root Attacks via ptrace Race first appeared on Web and IT News.