Nine-Year-Old Linux Kernel Bug Lets Local Users Root on Major Distros

TL;DR Summary
Qualys disclosed CVE-2026-46333, a nine-year-old privilege-escalation flaw in the Linux kernel's __ptrace_may_access(). It can let an unprivileged local user read /etc/shadow, access SSH private keys, and execute commands as root on Debian, Fedora, and Ubuntu. A PoC is available and patches have been released. Mitigations include updating the kernel or setting kernel.yama.ptrace_scope=2 and rotating host keys.
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (The Hacker News)
- CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path (Qualys)
- PinTheft Linux Vulnerability Let Attackers Gain Root Access - PoC Released (CyberSecurityNews)
- Linux kernel flaw opens root-only files to unprivileged users (The Register)
- DirtyDecrypt: PoC Released for yet another Linux flaw (Security Affairs)