ssh-keysign-pwn — CVE-2026-46333
A critical race condition flaw in
🔗 Exploit:
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
🔗 Source:
https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path
#linux #kernel #privesc #racecondition #pidfd
A critical race condition flaw in
pre-31e62c2ebbfd Linux kernels. Due to a window during process exit where the memory management structure is cleared before file descriptors are closed, an unprivileged user can use pidfd_getfd(2) to steal open file descriptors of privileged processes, enabling unauthorized reading of root-owned files.🔗 Exploit:
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
🔗 Source:
https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path
#linux #kernel #privesc #racecondition #pidfd
GitHub
GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass…
Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. - 0xdeadbeefnetwork/ssh-keysign-pwn
2🔥10❤🔥3❤3