OSG-SEC-2026-05-14 IMPORTANT Linux SSH Keysign Vulnerability (CVE-2026-46333)
Dear OSG Security Contacts,
A local privilege-boundary bypass vulnerability (CVE-2026-46333) affecting the Linux kernel has been publicly disclosed.
IMPACTED VERSIONS:
According to the public GitHub PoC repository [4], the exploit has reportedly been confirmed on Raspberry Pi OS Bookworm 6.12.75, Debian 13, Ubuntu 22.04/24.04/26.04, Arch Linux, and CentOS 9. According to AlmaLinux [5], AlmaLinux 9 and 10 are both vulnerable. AlmaLinux 8 is not exploitable with the current public PoCs, but the underlying logic bug is present in the 4.18 kernel.
WHAT ARE THE VULNERABILITIES:
The issue allows a local unprivileged user to duplicate ("steal") sensitive file descriptors from privileged processes, because of insufficient permission validation in pidfd_getfd() and the ptrace-related access checks it relies on. Successful exploitation gives access to sensitive resources such as SSH host private keys or /etc/shadow.
The public exploits combine the kernel bug with specific setuid/setgid binaries and steal the file descriptors those binaries hold open:
ssh-keysign -> steal SSH host private keys
chage -> steal /etc/shadow
EXPLOIT PRE-CONDITIONS
This is a local kernel vulnerability requiring the attacker to already have code execution on the target host.
WHAT YOU SHOULD DO:
Apply vendor-provided kernel updates that incorporate upstream fix 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a [2] and reboot the system so that the updated kernel is loaded. At the time of writing, patched kernels are available for only a few relevant distributions; AlmaLinux has patches available [5].
Until a patched kernel is available for your distribution, the recommended approach is to apply several of the mitigations below where operationally feasible.
Mitigation 1: Restrict ptrace with Yama (kernel.yama.ptrace_scope=2)
Impact: attaching to another process with ptrace (gdb -p, strace -p and similar) only works for root or a process holding CAP_SYS_PTRACE.
Even though in some places this mitigation has been listed as insufficient, we believe it to be sound (at least against the public exploits so far): pidfd_getfd() calls ptrace_may_access() with PTRACE_MODE_ATTACH_REALCREDS (the PTRACE_MODE_ATTACH bit is set), and that request is checked against the Yama scope through the ptrace_access_check LSM hook. This only holds where Yama is actually active: the sysctl key below does not exist on kernels built or booted without it, so verify that "yama" appears in /sys/kernel/security/lsm after applying the setting.
$ sudo sysctl -w kernel.yama.ptrace_scope=2
$ echo 'kernel.yama.ptrace_scope = 2' | sudo tee /etc/sysctl.d/99-ptrace.conf
Mitigation 2: BPF LSM (to be further tested)
Load a BPF LSM program on the ptrace access check that rejects the request when the check happens over the vulnerable path (target task with mm == NULL). This requires a kernel with BPF LSM support and "bpf" in the active LSM list (lsm= on the kernel command line).
See the mitigation/ebpf directory of the CERN repository [3].
You can build the mitigation from the ./mitigation directory of that repository.
Once compiled, you will find the binary in the out directory.
Copy it to the target machine and run it as root once; the program stays loaded until reboot, so it has to be run again after every reboot (for example from a systemd unit).
Mitigation 3: Remove the setuid/setgid bit from the two known programs that trigger this path
This only mitigates the known binary vectors (chage, ssh-keysign); other privileged programs that keep sensitive descriptors open may exist. A package update of openssh or shadow-utils may restore the bits, so re-check after updates.
ls -l /usr/libexec/ssh-keysign /usr/libexec/openssh/ssh-keysign /usr/lib/ssh/ssh-keysign /usr/lib/openssh/ssh-keysign 2>/dev/null
-r-xr-sr-x. 1 root ssh_keys 341240 Apr 13 15:56 /usr/libexec/openssh/ssh-keysign
chmod a-s /usr/libexec/openssh/ssh-keysign
Impact: ssh-keysign is only needed by ssh(1) for host-based authentication (HostbasedAuthentication / EnableSSHKeysign), which is rarely used.
chmod a-s /usr/bin/chage
Impact: unprivileged users can no longer query their own password expiry with chage -l; normally acceptable.
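The following shell script is added here as an example and is not part of the advisory or of any vendor tooling. It checks whether mitigations 1 and 3 are actually in place on a host: that Yama is in the active LSM list (the sysctl alone means nothing otherwise), that ptrace_scope is 2 or higher, and that none of the known ssh-keysign locations or chage still carry a setuid or setgid bit. The interface paths are the standard Linux ones; the function names are our own.

```shell
#!/bin/sh
# Status check for mitigations 1 and 3 of CVE-2026-46333 (added example, not part of the
# advisory). Assumes the standard Yama interfaces /sys/kernel/security/lsm and
# /proc/sys/kernel/yama/ptrace_scope; securityfs must be mounted for the first one.

# Return 0 if the comma-separated LSM list in file $1 contains "yama".
lsm_has_yama() {
    lsmfile=${1:-/sys/kernel/security/lsm}
    [ -r "$lsmfile" ] || return 1
    case ",$(cat "$lsmfile")," in
        *,yama,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Return 0 if the ptrace_scope value in file $1 is 2 (CAP_SYS_PTRACE only) or 3 (no attach).
ptrace_scope_restricted() {
    scopefile=${1:-/proc/sys/kernel/yama/ptrace_scope}
    [ -r "$scopefile" ] || return 1
    case $(cat "$scopefile") in
        2|3) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 if none of the given paths that exist has a setuid or setgid bit;
# missing paths are skipped because ssh-keysign lives in different places per distribution.
no_sxid_bits() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if [ -u "$f" ] || [ -g "$f" ]; then
            echo "setuid/setgid still set on $f"
            rc=1
        fi
    done
    return $rc
}

# Report both mitigations; return 0 only when both are in place.
check_mitigations() {
    status=0
    if lsm_has_yama && ptrace_scope_restricted; then
        echo "mitigation 1: Yama active and ptrace_scope >= 2 (OK)"
    else
        echo "mitigation 1: Yama not active or ptrace_scope < 2 (NOT in place)"
        status=1
    fi
    if no_sxid_bits /usr/libexec/ssh-keysign /usr/libexec/openssh/ssh-keysign \
                    /usr/lib/ssh/ssh-keysign /usr/lib/openssh/ssh-keysign /usr/bin/chage; then
        echo "mitigation 3: no setuid/setgid bit on ssh-keysign or chage (OK)"
    else
        echo "mitigation 3: setuid/setgid bit still present (NOT in place)"
        status=1
    fi
    return $status
}

# Run the report only when invoked with --run, so the file can also be sourced.
case ${1:-} in
    --run) check_mitigations ;;
esac
```

Run it as `sh check-cve-2026-46333.sh --run`; a non-zero exit status means at least one of the two mitigations is missing, which makes it usable from configuration management or a monitoring check.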
INDICATORS OF COMPROMISE
The indicators and behaviors listed below are based on currently observed public proof-of-concept activity and testing performed on Ubuntu 24.04 with mitigation 1. This is not an exhaustive list of indicators, exploitation techniques, or affected binaries.
- Repeated pidfd_getfd syscall activity (syscall 438 on tested x86_64 kernel)
- Multiple failed and successful pidfd_getfd attempts from an unprivileged user context
- Invocation of the public PoC binary sshkeysign_pwn
- pidfd_getfd activity originating from a user home directory path
- Successful file descriptor duplication events observed in audit logs (success=yes; the exit value is the number of the newly duplicated descriptor, e.g. exit=4)
- Rapid repeated syscall activity consistent with exploit race attempts
Recommended Auditd Rules
auditctl -a always,exit -F arch=b64 -S pidfd_open -k pidfd-monitor
auditctl -a always,exit -F arch=b64 -S pidfd_getfd -k pidfd-monitor
auditctl -a always,exit -F arch=b64 -S ptrace -k ptrace-monitor
These rules cover 64-bit callers only; on hosts that run 32-bit binaries add the same rules with -F arch=b32. If the audit userspace on an older distribution does not know the pidfd_open/pidfd_getfd syscall names, use the numbers instead (-S 434 and -S 438 on x86_64). To keep the rules across reboots, put them in a file under /etc/audit/rules.d/ and reload with augenrules --load.
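As an added example (not part of the advisory; the audit records are constructed, not taken from a real incident), the following shell script applies the indicators above to raw auditd SYSCALL records collected with the pidfd-monitor rule: it alerts on a successful pidfd_getfd (syscall 438, success=yes) from a non-root uid, warns on failed attempts that come from an executable under /home, and flags any pid that issued more calls than a threshold as a likely race attempt. The syscall number assumes x86_64 as in the testing above, and the default threshold of 5 is an arbitrary starting point.

```shell
#!/bin/sh
# Triage of auditd SYSCALL records for pidfd_getfd abuse (added example, not part of the
# advisory). Assumes the pidfd-monitor audit rules are loaded and an x86_64 kernel where
# pidfd_getfd is syscall 438; the per-pid threshold is an arbitrary choice.

# Print one ALERT per successful pidfd_getfd from a non-root uid, one WARN per failed attempt
# from an executable under /home, and one RACE line per pid with more than $2 calls.
# Usage: triage_pidfd_audit /var/log/audit/audit.log [threshold]
triage_pidfd_audit() {
    logfile=$1
    threshold=${2:-5}
    awk -v thr="$threshold" '
        # Split a raw record into key=value pairs stored in the global array f.
        function parse(line,    n, i, kv) {
            delete f
            n = split(line, parts, " ")
            for (i = 1; i <= n; i++)
                if (split(parts[i], kv, "=") >= 2) f[kv[1]] = kv[2]
        }
        /^type=SYSCALL / && /syscall=438 / {
            parse($0)
            gsub(/"/, "", f["exe"])
            attempts[f["pid"]]++
            if (f["uid"] != "0" && f["success"] == "yes")
                printf "ALERT pid=%s uid=%s exit=%s exe=%s\n", f["pid"], f["uid"], f["exit"], f["exe"]
            else if (f["uid"] != "0" && f["exe"] ~ /^\/home\//)
                printf "WARN  pid=%s uid=%s success=%s exe=%s\n", f["pid"], f["uid"], f["success"], f["exe"]
        }
        END {
            for (p in attempts)
                if (attempts[p] > thr)
                    printf "RACE  pid=%s pidfd_getfd calls=%d (threshold %d)\n", p, attempts[p], thr
        }
    ' "$logfile"
}

# Constructed sample log (not real data): pid 4242 is an unprivileged user racing the
# syscall from a home directory; pid 1 is benign root use that must not alert.
write_sample_audit_log() {
    user='ppid=4100 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="sshkeysign_pwn" exe="/home/alice/sshkeysign_pwn" key="pidfd-monitor"'
    root='ppid=0 pid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd" exe="/usr/lib/systemd/systemd" key="pidfd-monitor"'
    {
        # pidfd_open (434) by the attacker: logged by the rule, ignored by the triage.
        printf 'type=SYSCALL msg=audit(1778900000.101:5001): arch=c000003e syscall=434 success=yes exit=3 a0=4100 a1=0 a2=0 a3=0 items=0 %s\n' "$user"
        # Five failed pidfd_getfd (438) attempts: the race being lost.
        for n in 2 3 4 5 6; do
            printf 'type=SYSCALL msg=audit(1778900000.10%s:500%s): arch=c000003e syscall=438 success=no exit=-1 a0=3 a1=5 a2=0 a3=0 items=0 %s\n' "$n" "$n" "$user"
        done
        # The race won: fd 4 now refers to a file opened by the privileged process.
        printf 'type=SYSCALL msg=audit(1778900000.107:5007): arch=c000003e syscall=438 success=yes exit=4 a0=3 a1=5 a2=0 a3=0 items=0 %s\n' "$user"
        # Benign root use of pidfd_getfd (init system): no alert expected.
        printf 'type=SYSCALL msg=audit(1778900000.200:5008): arch=c000003e syscall=438 success=yes exit=5 a0=3 a1=1 a2=0 a3=0 items=0 %s\n' "$root"
    } > "$1"
}

# --demo runs the triage over the constructed sample; any other argument is a log file.
case ${1:-} in
    --demo) tmp=$(mktemp); write_sample_audit_log "$tmp"; triage_pidfd_audit "$tmp"; rm -f "$tmp" ;;
    '') ;;
    *) triage_pidfd_audit "$1" "${2:-5}" ;;
esac
```

On the sample, the output is one ALERT for pid 4242 (exit=4, the stolen descriptor), five WARN lines for the failed attempts from /home/alice, and one RACE line because that pid issued six pidfd_getfd calls. Raising the threshold (second argument) suppresses the RACE line; the ALERT, being a successful duplication by a non-root user, is the indicator to act on regardless.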
REFERENCES
[1] https://www.openwall.com/lists/oss-security/2026/05/15/2
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
[3] https://gitlab.cern.ch/ComputerSecurity/mitigations/ssh-keysign/-/tree/master?ref_type=heads
[4] https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
[5] https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-46333
[7] https://access.redhat.com/security/cve/cve-2026-46333
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team