{"id":251581,"date":"2026-05-21T03:35:00","date_gmt":"2026-05-21T07:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros\/"},"modified":"2026-05-21T13:05:16","modified_gmt":"2026-05-21T17:05:16","slug":"9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros\/","title":{"rendered":"9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros"},"content":{"rendered":"

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/05\/9-year-old-linux-kernel-flaw-enables.html<\/a><\/p>\n

Publish Date: 2026-05-21 03:35:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802May 21, 2026<\/span><\/span>Linux \/ Vulnerability<\/span><\/p>\n

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.<\/p>\n

The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. It’s also codenamed ssh-keysign-pwn.<\/p>\n

According to Qualys, which discovered the flaw, the problem is rooted in the kernel’s __ptrace_may_access() function and was introduced in November 2016.<\/p>\n

“The primitive is reliable and turns any local shell into a path to root or to sensitive credential material,” Saeed Abbasi, senior manager of Threat Research Unit at Qualys, said.<\/p>\n

Successful exploitation of the flaw could permit a local attacker to disclose \/etc\/shadow and host private keys under \/etc\/ssh\/*_key, as well as execute arbitrary commands as root through four different exploits targeting chage, ssh-keysign, pkexec, and accounts-daemon.<\/p>\n

The disclosure comes as a proof-of-concept (PoC) exploit for the vulnerability was released last week, shortly after a public kernel commit emerged. CVE-2026-46333 is the latest security vulnerability disclosed in the Linux kernel after Copy Fail, Dirty Frag, and Fragnesia over the past month.<\/p>\n

It’s recommended to apply the latest kernel update released by Linux distributions. If the updates cannot be carried out immediately, temporary workarounds include raising “kernel.yama.ptrace_scope” to 2.<\/p>\n

“On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed,” Qualys said. “Rotate host keys and review any administrative material that lived in the memory of set-uid processes.”<\/p>\n

\"\"<\/p>\n

The development follows the release of a PoC for a local privilege escalation…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros https:\/\/thehackernews.com\/2026\/05\/9-year-old-linux-kernel-flaw-enables.html Publish Date: 2026-05-21…<\/p>\n","protected":false},"author":1,"featured_media":251582,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiCjgJwva2lZrAwxHWPZFiphHAhxBdWRyU4gUiAZIStkUP4JU6yej3Z1xVhUtrhaIYVu4IL5KpvOomBDHU_aLtvgHV-R9_41nUSrngG0BGBlCv2pByfkVZNKxmwA3Nf6NR7pi6XgwdUjkwFw27lm_vNR_w2Cr1An46yOM8kfIEphrSCq2aRcaKNNj9D-PiN\/s1600\/linux-exploit.gif","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-251581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251581"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251581"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251581\/revisions"}],"predecessor-version":[{"id":251583,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251581\/revisions\/251583"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251582"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}