9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Key Points:
- A critical Linux kernel vulnerability (CVE-2026-46333) has been uncovered after nine years, allowing unprivileged local users to access sensitive files and execute commands as root on major distributions like Debian, Fedora, and Ubuntu.
- The flaw, discovered by Qualys and rooted in the __ptrace_may_access() function since November 2016, enables attackers to disclose files such as /etc/shadow and SSH private keys, and escalate privileges via exploits targeting chage, ssh-keysign, pkexec, and accounts-daemon.
- A proof-of-concept exploit was recently released following a public kernel commit, prompting recommendations to apply the latest kernel updates or temporarily raise "kernel.yama.ptrace_scope" to 2 to mitigate risk.
- Systems exposed to the vulnerability should treat SSH host keys and cached credentials as compromised, rotate keys, and review any administrative material held in the memory of set-uid processes.
- This disclosure follows another local privilege escalation exploit, PinTheft, which affects Arch Linux, targets a double-free vulnerability in the RDS zerocopy send path, and requires specific kernel modules and configurations to succeed.
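
One way to confirm that the "kernel.yama.ptrace_scope" mitigation mentioned above is in effect both at runtime and after a reboot. This is an added example, not code from the article or from Qualys. The function names are illustrative, and the "later argument wins" ordering of the sysctl paths is an assumed simplification of real sysctl precedence.

```shell
#!/bin/sh
# Added example: audit the kernel.yama.ptrace_scope mitigation.
# Function names and the directory order are assumptions for illustration.

# Print the runtime value, or "absent" if the Yama sysctl is not exposed.
runtime_scope() {
    f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# Print the last kernel.yama.ptrace_scope value set in the given sysctl
# files/directories (later arguments win), or "unset" if none sets it.
persisted_scope() {
    val=unset
    for p in "$@"; do
        for f in "$p" "$p"/*.conf; do
            [ -f "$f" ] || continue
            v=$(sed -n 's/^[[:space:]]*-\{0,1\}kernel\.yama\.ptrace_scope[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then val=$v; fi
        done
    done
    echo "$val"
}

# Report both states; return 0 only if runtime and persisted values are >= 2.
audit_scope() {
    rt=$(runtime_scope "$1"); shift
    ps=$(persisted_scope "$@")
    rc=0
    case "$rt" in
        [23]) echo "runtime:   ptrace_scope=$rt (mitigation active)" ;;
        *)    echo "runtime:   ptrace_scope=$rt (mitigation NOT active)"; rc=1 ;;
    esac
    case "$ps" in
        [23]) echo "persisted: ptrace_scope=$ps (kept across reboot)" ;;
        *)    echo "persisted: ptrace_scope=$ps (lost or lowered at reboot)"; rc=1 ;;
    esac
    return "$rc"
}

# Audit the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_scope /proc/sys/kernel/yama/ptrace_scope \
        /usr/lib/sysctl.d /etc/sysctl.d /etc/sysctl.conf
fi
```

A host where the value was raised only with `sysctl -w` passes the runtime check but fails the persisted one, which is the case this audit is meant to surface.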