The 4th Linux kernel flaw this month can lead to stolen SSH host keys
4 hours ago
- #SSH Exploit
- #Linux Security
- #Kernel Vulnerability
- A new Linux kernel flaw named 'ssh-keysign-pwn' (CVE-2026-46333) has been disclosed, allowing unprivileged users to steal sensitive files.
- The vulnerability exploits a ptrace access check issue in the kernel, enabling attackers to read SSH host private keys and the shadow password file.
- Qualys security researchers found the bug, which has existed for about six years, and provided a proof-of-concept exploit.
- Patched kernel versions (e.g., 7.0.8, 6.18.31) have been released by maintainers, but most distributions have not yet updated.
- Mitigation options include tightening Yama ptrace restrictions or disabling host-based SSH authentication, both with trade-offs.