A magnifying glass over a Linux penguin logo, highlighting a hidden flaw in the kernel code that allowed unauthorized root access for years.
A magnifying glass over a Linux penguin logo, highlighting a hidden flaw in the kernel code that allowed unauthorized root access for years.

This overlooked kernel flaw quietly enabled root access for years, useful context for a colleague managing Linux systems.

9-Year-Old Linux Flaw Lets Local Users Gain Root Story flow and key facts

A critical vulnerability in the Linux kernel, tracked as CVE-2026-46333, has been found to have existed for nearly nine years. The flaw stems from improper privilege management in the __ptrace_may_access() function, introduced in November 2016. It allows unprivileged local users to escalate privileges and execute arbitrary commands as root on default installations of major distributions including Debian, Fedora, and Ubuntu.

Cybersecurity firm Qualys, which discovered the issue, warns that the vulnerability enables attackers to access sensitive system files such as /etc/shadow and private SSH keys stored under /etc/ssh. Exploitation can occur through multiple attack vectors involving chage, ssh-keysign, pkexec, and accounts-daemon. A proof-of-concept exploit was published shortly after a public kernel commit revealed changes addressing the flaw.

Administrators are urged to apply the latest kernel updates immediately. Where immediate patching isn't possible, raising the kernel.yama.ptrace_scope value to 2 offers temporary mitigation. Systems that allowed untrusted local access during the exposure window should assume SSH host keys and cached credentials are compromised and rotate them accordingly.

Facts

  • CVE-2026-46333 is a Linux kernel vulnerability that existed for nine years, introduced in November 2016.
  • The flaw allows unprivileged local users to access /etc/shadow and SSH private keys, and execute commands as root on Debian, Fedora, and Ubuntu.
  • Qualys discovered the bug and warns of public proof-of-concept exploits; mitigation includes updating the kernel or setting kernel.yama.ptrace_scope to 2.

Canto visual news explainer. AI tools may assist production. Editorial policy