BeyondMachines for BeyondMachines

Originally published at beyondmachines.net

Linux Kernel Race Condition 'ssh-keysign-pwn' Exposes SSH Keys and Shadow Passwords

Summary

A six-year-old Linux kernel race condition (CVE-2026-46333) allows local attackers to steal SSH private keys and password hashes by hijacking file descriptors during process termination. The flaw affects major distributions including Ubuntu and Debian, and a public exploit is available.

Take Action:

Apply the latest Linux kernel patches ASAP to all affected systems (Ubuntu 22.04/24.04/26.04, Debian 13, Arch, CentOS 9, Raspberry Pi OS, CloudLinux 8/9/10), and rotate all SSH host keys on systems that allowed shell access to untrusted users. Until patched, restrict local shell access to trusted users only and monitor for suspicious use of pidfd_getfd or SUID binaries like ssh-keysign and chage.
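One way to act on the monitoring advice above, as an added example that is not part of the original article or the BeyondMachines advisory: a small triage script over auditd SYSCALL records that flags a non-root login user who calls pidfd_getfd shortly before or after running ssh-keysign or chage. The audit rules in the comment, the x86_64 syscall numbers, the 10-second window and the sample records are assumptions or constructed for illustration.

```python
import re
from collections import defaultdict
# Assumed audit rules that would produce the records parsed here (x86_64):
#   -a always,exit -F arch=b64 -S pidfd_getfd -k pidfd_getfd
#   -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k suid_exec
PIDFD_GETFD, EXECVE = "438", "59"        # x86_64 syscall numbers
WATCHED = {"ssh-keysign", "chage"}       # SUID binaries named in the advisory
WINDOW = 10.0                            # assumed correlation window, seconds

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP = re.compile(r"msg=audit\((\d+\.\d+):\d+\)")

def parse(line):
    """Turn one auditd SYSCALL record into a dict, or None for other lines."""
    stamp = STAMP.search(line)
    if not line.startswith("type=SYSCALL") or stamp is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["ts"] = float(stamp.group(1))
    return rec

def find_suspects(lines, window=WINDOW):
    """(auid, binary) pairs: non-root pidfd_getfd within `window` s of a watched SUID exec."""
    getfd, suid = defaultdict(list), defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec.get("arch") != "c000003e" or rec.get("uid") == "0":
            continue                      # other ABI, or root caller
        who = rec.get("auid", "unset")
        if rec.get("syscall") == PIDFD_GETFD:
            getfd[who].append(rec["ts"])
        elif rec.get("syscall") == EXECVE:
            name = rec.get("exe", "").rsplit("/", 1)[-1]
            if name in WATCHED:
                suid[who].append((rec["ts"], name))
    return sorted({(who, name) for who, calls in getfd.items()
                   for t in calls for s, name in suid.get(who, [])
                   if abs(t - s) <= window})

# Constructed sample records (not from a real host), trimmed to the fields used.
REC = 'type=SYSCALL msg=audit({}): arch=c000003e syscall={} auid={} uid={} euid={} exe="{}"'
SAMPLE = [
    REC.format("1700000000.100:101", 59, 1001, 1001, 0, "/usr/lib/openssh/ssh-keysign"),
    REC.format("1700000000.350:102", 438, 1001, 1001, 1001, "/home/u1/tool"),
    REC.format("1700000100.000:103", 59, 1002, 1002, 0, "/usr/bin/chage"),  # chage alone
    REC.format("1700000100.500:104", 438, 4294967295, 0, 0, "/usr/sbin/daemon"),  # root
    REC.format("1700000200.000:105", 438, 1003, 1003, 1003, "/home/u3/tool"),  # no SUID exec
]
if __name__ == "__main__":
    print(find_suspects(SAMPLE))
```

A hit is a lead for review, not proof of exploitation: ordinary use of chage on its own, and pidfd_getfd calls by root-owned services, are deliberately left out of the result.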

