An unprivileged local user should not be able to read the SSH host private keys or /etc/shadow. CVE-2026-46333, nicknamed ssh-keysign-pwn, opens exactly that door through a race in the Linux kernel ptrace subsystem. Qualys reported it to the kernel security team on 11 May 2026, the patch landed on 14 May, and NVD published the entry on the 15th with a CVSS score of 7.1 (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Where the flaw lives
The bug sits in __ptrace_may_access() and the get_dumpable() logic. When a process exits, the kernel first detaches its memory descriptor (mm) and only afterwards closes its file descriptor table. Between those two steps there is a narrow window where mm is already NULL, and the ptrace access check skips its dumpable safeguard precisely because there is no associated memory map.
That is where pidfd_getfd(2) comes in, the file descriptor cloning interface added in Linux 5.6 that lets a process copy an open descriptor from another process. During that window, an unprivileged process can call pidfd_getfd(2) against an exiting SUID binary and copy its already-open descriptors. The targets are SUID binaries that legitimately open root-owned files during their normal exit path, mainly ssh-keysign (which reads the SSH host private keys) and chage (which reads the shadow password database).
The bug is not new. It has been in mainline since November 2016 and traces back to a patch proposal by Jann Horn that was never merged. Qualys built four working exploits, covering chage, ssh-keysign, pkexec and accounts-daemon.
Who is affected and how bad it is
Any system running a kernel that ships pidfd_getfd() (Linux 5.6 and later) together with the vulnerable ptrace logic is affected. The list of distributions with a published advisory includes Debian 13, Ubuntu 24.04 and 26.04, Fedora 43 and 44, SUSE, AlmaLinux and CloudLinux.
This is not remote code execution and it does not hand out root directly, which is why it stays at CVSS 7.1 instead of going higher. Reading SSH host keys and /etc/shadow hashes is still serious. With the host private key an attacker can impersonate the server in man-in-the-middle attacks, and with the password hashes they can crack credentials offline at their own pace. On multi-user systems, shared hosting or servers with low-trust accounts, the risk is immediate.
How to mitigate it
The right fix is to update the kernel to the patched version your distribution ships and reboot. Advisories from Debian, Ubuntu, Fedora, SUSE, AlmaLinux and CloudLinux were already available by mid-May 2026.
If you have to wait for the patch, there is a solid interim mitigation: raise kernel.yama.ptrace_scope to 2, which restricts ptrace attach to admins only. That blocks the public exploits, because their pidfd_getfd(2) path is gated by __ptrace_may_access().
sysctl -w kernel.yama.ptrace_scope=2
To make it persistent, add kernel.yama.ptrace_scope = 2 to a .conf file under /etc/sysctl.d/. Keep in mind this can affect debuggers and tools that need ptrace between same-user processes, so test it before rolling it out to production.
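To confirm the interim mitigation is both active and persistent on a host, the following added example (not part of the original article or of any distribution's tooling) compares the running value with what the sysctl.d drop-ins set. The function names are hypothetical, and it assumes a single drop-in directory, which is a simplification of the real sysctl.d precedence rules.

```shell
#!/bin/sh
# Added example: audit the interim mitigation (kernel.yama.ptrace_scope >= 2).
# Simplification: one sysctl.d directory is scanned; /etc/sysctl.conf,
# /run/sysctl.d and /usr/lib/sysctl.d are not merged in.

# Print the last value assigned to kernel.yama.ptrace_scope by the *.conf
# files in directory $1 (lexical order), or nothing if no file sets it.
persisted_ptrace_scope() {
    dir=${1:-/etc/sysctl.d}
    val=
    for f in "$dir"/*.conf; do
        if [ ! -r "$f" ]; then continue; fi
        # Anchored match skips "#"/";" comments; "." and "/" separators both count.
        v=$(sed -n -E 's|^[[:space:]]*-?kernel[./]yama[./]ptrace_scope[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    if [ -n "$val" ]; then printf '%s\n' "$val"; fi
}

# Print the running value from file $1 (default: the Yama procfs entry);
# prints nothing when the kernel does not expose Yama.
runtime_ptrace_scope() {
    p=${1:-/proc/sys/kernel/yama/ptrace_scope}
    if [ -r "$p" ]; then cat "$p"; fi
}

# Return 0 only if both the running and the persisted value are >= 2.
# $1 = sysctl.d directory, $2 = procfs file (optional overrides for testing).
check_ptrace_mitigation() {
    run=$(runtime_ptrace_scope "${2:-}")
    cfg=$(persisted_ptrace_scope "${1:-}")
    rc=0
    if [ "${run:-0}" -lt 2 ]; then
        echo "runtime: ptrace_scope=${run:-unset}, mitigation not active"
        rc=1
    fi
    if [ "${cfg:-0}" -lt 2 ]; then
        echo "persisted: ptrace_scope=${cfg:-unset}, no drop-in keeps it at 2 after reboot"
        rc=1
    fi
    return "$rc"
}

check_ptrace_mitigation || echo "kernel.yama.ptrace_scope mitigation incomplete"
```

A non-zero return with only the "persisted" line means the sysctl -w change is live but no drop-in will reapply it after a reboot.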
This is another reminder that local privilege escalation remains fertile ground in the kernel. For a similar case, take a look at Copy Fail (CVE-2026-31431), another local root escalation in the kernel crypto module. To follow kernel releases and their patches, see the Linux kernel page.