

Linux Kernel Local root Privilege Escalation (CVE-2026-46333)

A recently discovered vulnerability (CVE-2026-46333) affects the Linux kernel and may allow a local, unprivileged attacker to access sensitive files and escalate privileges to root, potentially leading to full system compromise.

Severity level:
CVSS score: 7.1 (High).

Description:
CVE-2026-46333 is a race condition vulnerability in the Linux kernel's __ptrace_may_access() function, caused by improper handling of process state during termination. When a privileged process exits, there is a brief window in which its memory context has already been cleared but its file descriptors remain open. An unprivileged local user can exploit this timing window using system calls such as pidfd_getfd(), which rely on the ptrace access check, to obtain open file descriptors from privileged processes. This allows attackers to bypass security checks and access restricted resources. Exploitation can result in the disclosure of sensitive files such as /etc/shadow and SSH private keys.

Affected Versions:
Linux Kernel:
All kernel versions from November 2016 up to the release of vendor patches are affected.

Impacted Linux distributions:

  • Ubuntu.
  • Debian.
  • Red Hat Enterprise Linux (RHEL).
  • SUSE Linux Enterprise.
  • Fedora, Arch Linux and other mainstream distributions.

Impact:
Successful exploitation may allow attackers to read sensitive files and escalate privileges to root.

Resolution:
Please update the Linux kernel to the fixed version released by the distribution vendor.

Mitigations:
Where immediate patching is not possible:

  • Disable or restrict untrusted local user access.
  • Restrict ptrace access.
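
As an added example (not part of this advisory), the following POSIX shell audit checks the Yama `kernel.yama.ptrace_scope` setting that the "Restrict ptrace access" mitigation refers to and renders the hardened sysctl fragment; the sysctl.d file name is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory: audit Yama ptrace_scope and emit the
# hardening fragment. The file name 99-restrict-ptrace.conf is an assumption.

YAMA_SCOPE_FILE=/proc/sys/kernel/yama/ptrace_scope

# Map a ptrace_scope value to what it permits. pidfd_getfd() reuses the
# ptrace access check, so the Yama scope also governs that call.
describe_ptrace_scope() {
    case "$1" in
        0) echo "classic: any same-uid process may ptrace another" ;;
        1) echo "restricted: only descendants (or PR_SET_PTRACER targets)" ;;
        2) echo "admin-only: ptrace requires CAP_SYS_PTRACE" ;;
        3) echo "no attach: ptrace disabled until reboot" ;;
        *) echo "unknown value: $1"; return 1 ;;
    esac
}

# Return 0 when the scope is at least the required minimum (default 1).
ptrace_scope_is_hardened() {
    scope=$1
    minimum=${2:-1}
    case "$scope" in ''|*[!0-9]*) return 1 ;; esac
    [ "$scope" -ge "$minimum" ]
}

# Emit a sysctl.d fragment that sets the requested scope persistently.
render_sysctl_fragment() {
    printf '# Restrict ptrace attach (mitigation while awaiting kernel update)\n'
    printf 'kernel.yama.ptrace_scope = %s\n' "$1"
}

# Audit the running system: print a verdict, return 0 only if hardened.
audit_live_ptrace_scope() {
    if [ ! -r "$YAMA_SCOPE_FILE" ]; then
        echo "Yama not available on this kernel; ptrace_scope cannot be checked"
        return 2
    fi
    scope=$(cat "$YAMA_SCOPE_FILE")
    echo "kernel.yama.ptrace_scope=$scope ($(describe_ptrace_scope "$scope"))"
    if ptrace_scope_is_hardened "$scope"; then
        echo "OK: ptrace attach restricted"
    else
        echo "WARN: write the fragment below to /etc/sysctl.d/99-restrict-ptrace.conf"
        echo "      and run: sysctl --system"
        render_sysctl_fragment 1
        return 1
    fi
}
```

Run `audit_live_ptrace_scope` on the host; a scope of 1 or higher blocks same-uid attach, which is the check the described timing window relies on.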

Reference:

UIT Information Security