
[CIVN-2026-0250] Race Condition Vulnerability in Linux Kernel
Indian - Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Linux kernel version 4.10
Overview
A vulnerability has been reported in the Linux Kernel that could allow a local attacker to access sensitive information on the targeted system.
Target Audience:
All organizations and individuals running affected versions of the Linux kernel.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for sensitive information disclosure, unauthorized access.
Description
The Linux kernel is the core component of many operating systems, responsible for managing hardware resources and providing essential system services, including cryptographic operations.
This vulnerability exists in the Linux kernel due to a race condition in the __ptrace_may_access() function, where the kernel improperly skips the dumpable permission check when a process's memory descriptor (mm) becomes NULL during process exit.
Successful exploitation of this vulnerability could allow a local attacker to access sensitive information on the targeted system.
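The check pattern described above, as a simplified user-space C model added here for illustration; it is not kernel code and not the upstream patch. All struct and function names and the saved_dumpable field are assumptions, and the fail-closed variant shows one way to keep the decision consistent once mm is NULL, not necessarily how the fix works.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: all names are hypothetical, not kernel definitions. */
enum { DUMP_DISABLE = 0, DUMP_USER = 1 };

struct model_mm { int dumpable; };
struct model_task {
    struct model_mm *mm;  /* set to NULL when the exiting task releases its mm */
    int saved_dumpable;   /* assumption: dumpable state kept after mm is gone */
};

/* Exit path: the memory descriptor goes away while the task is still visible. */
void model_exit_mm(struct model_task *t)
{
    if (t->mm) {
        t->saved_dumpable = t->mm->dumpable;
        t->mm = NULL;
    }
}

/* Pattern from the advisory: the dumpable check runs only while mm is non-NULL. */
int may_access_skipping(const struct model_task *t, int caller_privileged)
{
    if (t->mm && t->mm->dumpable != DUMP_USER && !caller_privileged)
        return -EPERM;
    return 0;  /* mm == NULL falls through to "allowed" */
}

/* Fail-closed variant: a missing mm never widens access. */
int may_access_fail_closed(const struct model_task *t, int caller_privileged)
{
    int dumpable = t->mm ? t->mm->dumpable : t->saved_dumpable;
    if (dumpable != DUMP_USER && !caller_privileged)
        return -EPERM;
    return 0;
}

int main(void)
{
    struct model_mm mm = { DUMP_DISABLE };           /* constructed sample task */
    struct model_task t = { &mm, DUMP_USER };
    printf("before exit: %d %d\n", may_access_skipping(&t, 0), may_access_fail_closed(&t, 0));
    model_exit_mm(&t);
    printf("after exit:  %d %d\n", may_access_skipping(&t, 0), may_access_fail_closed(&t, 0));
    return 0;
}
```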
Solution
Apply the latest kernel updates provided by your Linux distribution or upstream maintainers:
https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6
https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205
https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181
https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7
https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d
https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d
https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730
https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
References
https://gbhackers.com/linux-ssh-keysign-pwn-flaw/
https://www.suse.com/security/cve/CVE-2026-46333.html
https://access.redhat.com/security/cve/cve-2026-46333
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/
https://ubuntu.com/security/CVE-2026-46333
https://security-tracker.debian.org/tracker/CVE-2026-46333
CVE Name
CVE-2026-46333
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


