#sshkeysignpwn — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sshkeysignpwn, aggregated by home.social.
-
EVERYONE GETS AN LPE
Windows:
#BlueHammer (#CVE_2026_33825)
#RedSun (#CVE_2026_41091)
#UnDefend (#CVE_2026_45498)
#WindowsInstaller (#CVE_2026_27910)
Linux:
#CopyFail (#CVE_2026_31431)
#SSHKeysignPwn (#CVE_2026_46333)
FreeBSD:
#FatGid (#CVE_2026_45250)
#ExecveBug (#CVE_2026_7270)
-
#Ubuntu still doesn't have a patch or even a security notice for #sshkeysignpwn ...
How is this? Everyone else has been patched for days!
#Debian had a fix Friday morning...
#DomumSocial is running on Debian, but in my day job I'm stuck with Ubuntu.
If you're also stuck with Ubuntu there is a mitigation:
`sudo sysctl -w kernel.yama.ptrace_scope=3`
I've tested this against the known exploit code at https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
This will disable the vulnerable ptrace call until the next reboot
Seeking confirmation of my theory I was able to find:
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/
you can also set "yama.ptrace_scope" to "2" which will only allow root to use ptrace (and will also allow resetting it w/o reboot). The link above has more explanations and directions for setting it persistently across reboot for now.
This will break `strace` and `gdb`!
-
🚨 CVE-2026-46333 (ssh-keysign-pwn)
In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of
the task - the concept comes from whether it can core dump or not - and
makes no sense when you don't have an associated mm.

And almost all users do in fact use it only for the case where the task
has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to
check various other things entirely independently of the MM (typically
explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for
threads that no longer have a VM (and maybe never did, like most kernel
threads).

It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to
be uid-0 to see kernel thread details, but this means that the
traditional "drop capabilities" model doesn't make any difference for
this all.

Make it all make a bit more sense by saying that if you don't have a
MM pointer, we'll use a cached "last dumpability" flag if the thread
ever had a MM (it will be zero for kernel threads since it is never
set), and require a proper CAP_SYS_PTRACE capability to override.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-46333
#nttdata #zen #secdb #infosec
#sshkeysignpwn #cve202646333 #linux #kernel
-
Without a new Linux root vulnerability that makes the data center shut down half of the servers, it just isn't a proper weekend anymore these days.
-
We decided to apply (on Debian 7 through 13) the patch that sets the sysctl "kernel.yama.ptrace_scope=2", using Ansible with this task: https://paste.evolix.org/?76d737e7693e2fd2#DQW289rJrW9dSggs6K92J7Jmm4u5j13G9ycEsAKrrsJm #sshkeysignpwn #linux #debian #cybersecurity
-
That was without counting on a new flaw in the Linux kernel 😥 #sshkeysignpwn
-
"Logic bug in the Linux kernel's __ptrace_may_access() function"
👇
https://www.openwall.com/lists/oss-security/2026/05/15/2
-
Newest Linux kernel vulnerability mitigation:
# echo 2 > /proc/sys/kernel/yama/ptrace_scope
# echo 'kernel.yama.ptrace_scope=2' > /etc/sysctl.d/ssh-keysign-pwn.conf
On all deb systems you can install linux-vulnerability-mitigation from https://people.debian.org/~daniel/linux-vulnerability-mitigation/
Source: https://forgejo.debian.net/linux/linux-vulnerability-mitigation/src/branch/main/mitigations
#Linux #debian #Ubuntu #kernel #security #mitigation #sshkeysignpwn
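Added example, not part of any post on this page: a POSIX shell check that the Yama mitigation described in the posts is active at runtime and also persisted for the next boot. The function names, exit codes and the simplified "last assignment in the listed files wins" handling are assumptions of this example; it treats any value below 2 as unmitigated, following the values the posts recommend.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit kernel.yama.ptrace_scope.

# persisted_scope FILE...: print the last ptrace_scope value assigned in the
# given sysctl config files (later files win), or nothing if none sets it.
persisted_scope() {
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Drop whitespace and comment lines; accept '.' or '/' separators
        # and the optional leading '-' that sysctl.d allows.
        v=$(sed -e 's/[[:space:]]//g' -e '/^[#;]/d' "$f" |
            sed -n 's|^-\{0,1\}kernel[./]yama[./]ptrace_scope=\([0-9][0-9]*\)$|\1|p' |
            tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s' "$val"
}

# audit_ptrace_scope PROC_FILE CONF_FILE...
# Returns 0: runtime and persisted values are both >= 2
#         1: runtime value is >= 2 but nothing persists it across reboot
#         2: runtime value is below 2 (mitigation not active)
#         3: Yama is not available or the value is unreadable
audit_ptrace_scope() {
    proc=$1; shift
    if [ ! -r "$proc" ]; then
        echo "Yama not available: cannot read $proc"; return 3
    fi
    run=$(cat "$proc")
    case $run in
        ''|*[!0-9]*) echo "unexpected value in $proc: '$run'"; return 3 ;;
    esac
    if [ "$run" -lt 2 ]; then
        echo "runtime ptrace_scope=$run: mitigation not active"; return 2
    fi
    boot=$(persisted_scope "$@")
    if [ -z "$boot" ] || [ "$boot" -lt 2 ]; then
        echo "runtime ptrace_scope=$run, but it will be lost at reboot"; return 1
    fi
    echo "ptrace_scope=$run at runtime, $boot persisted"; return 0
}

# Check this host; the file list is a simplification of sysctl.d precedence.
audit_ptrace_scope /proc/sys/kernel/yama/ptrace_scope \
    /etc/sysctl.conf /etc/sysctl.d/*.conf || echo "audit status: $?"
```

A status of 1 is the state left by the runtime-only `sysctl -w` or `echo` commands when no file under `/etc/sysctl.d/` has been written.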
-
⚠️ 🤪 🔥 :nes_fire:
New Linux kernel vuln today: ssh-keysign-pwn 🔑
Not an LPE this time, but reading of root-owned files as an unprivileged user:
• SSH host private keys (ecdsa/ed25519/rsa)
• /etc/shadow → offline cracking
The bug: ptrace_may_access() skips the dumpable check when mm=NULL. Race window between exit_mm() and exit_files(). Flagged by Jann Horn in 2020... fixed in 2026. 6 years.
Confirmed on: Debian 13, Ubuntu 22/24/26, Arch, CentOS, RPi OS. No specific CONFIG prerequisite, so this would seem far more universal than Fragnesia.
Patch merged into mainline by Linus today (31e62c2ebbfd), not yet in the stable kernels.
No CVE assigned at this stage.
👇
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
"Six-Year-Old Linux Kernel Flaw Lets Unprivileged Users Read Root-Owned Files"
⬇️
https://9to5linux.com/six-year-old-linux-kernel-flaw-lets-unprivileged-users-read-root-owned-files
-
Oh no, please don't tell me again that Linux is now insecure on the net?!
«Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users»
⛓️💥 https://www.phoronix.com/news/Linux-ssh-keysign-pwn
⛓️💥 https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
#sshkeysignpwn #pwn #ssh #linux #0day #keysigning #sshkeys #itsecurity #itsec #itsecurity #zeroday