惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
博客园_首页
H
Help Net Security
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
GbyAI
GbyAI
Scott Helme
Scott Helme
D
Docker
Hacker News: Ask HN
Hacker News: Ask HN
P
Privacy & Cybersecurity Law Blog
Jina AI
Jina AI
雷峰网
雷峰网
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
G
GRAHAM CLULEY
C
Cisco Blogs
The Hacker News
The Hacker News
F
Full Disclosure
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
Recent Announcements
Recent Announcements
G
Google Developers Blog
量子位
K
Kaspersky official blog
Cisco Talos Blog
Cisco Talos Blog
The Cloudflare Blog
A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
Last Week in AI
Last Week in AI
博客园 - 三生石上(FineUI控件)
Microsoft Security Blog
Microsoft Security Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
P
Palo Alto Networks Blog
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
Schneier on Security
Schneier on Security
The Register - Security
The Register - Security
F
Fortinet All Blogs
Stack Overflow Blog
Stack Overflow Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
The Blog of Author Tim Ferriss
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
爱范儿
爱范儿

Blog | Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Orca MCP: When Text Stops Scaling Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Navigating Cloud Security in 2026: Join Cloud Security LIVE Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow
Roi Nisimi · 2026-05-16 · via Blog | Orca Security

Table of contents

  • Executive Summary
  • Vulnerability Details
  • Why This Matters
  • Affected Systems and Proof of Concept (PoC)
  • Recommended Mitigation
  • Exploitation Risk and Threat Outlook
  • Potential Impact
  • How can Orca help?

Executive Summary

A high-impact Linux kernel vulnerability, currently without a verified public CVE or CVSS score, was disclosed affecting kernels prior to commit 31e62c2e. The issue allows a local unprivileged attacker to steal file descriptors from privileged processes during a narrow exit window, potentially exposing root-only files such as SSH host private keys and /etc/shadow.

Vulnerability Details

The issue originates from ptrace access-control logic, where __ptrace_may_access() could skip the dumpability check when a target task no longer had an mm pointer. During process exit, the task may lose its memory descriptor before closing open file descriptors. By racing this state and abusing pidfd_getfd(), attackers can duplicate sensitive file descriptors from setuid-root helpers that opened privileged files before dropping privileges or exiting.

Why This Matters

This is not a remote, unauthenticated vulnerability. Exploitation requires local code execution on the affected Linux host. However, the impact is serious: stealing SSH host keys can enable host impersonation and undermine trust relationships, while access to /etc/shadow may allow offline password cracking and further privilege escalation.

Affected Systems and Proof of Concept (PoC)

The public PoC targets ssh-keysign to extract /etc/ssh/ssh_host_{ecdsa,ed25519,rsa}_key and change to read /etc/shadow. The repository claims successful testing on Raspberry Pi OS Bookworm 6.12.75, Debian 13, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 26.04, Arch, and CentOS 9. Systems running Linux kernels before the upstream fix should be considered potentially exposed until their distribution ships and applies the relevant kernel update.

Users should upgrade to a kernel version that includes commit 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a or the corresponding vendor backport as soon as it becomes available. Because this is a kernel-level issue, mitigation should focus on patching the kernel, reducing local shell access, limiting untrusted workloads, and monitoring for suspicious attempts to access SSH host keys or shadow password data.

Exploitation Risk and Threat Outlook

At the time of writing, a working public PoC is available on GitHub, and the upstream Linux kernel fix has already landed. We could not verify. Regardless, the combination of public exploit code, sensitive file exposure, and broad Linux distribution impact makes this high risk, especially on multi-user systems, developer workstations, shared servers, CI runners, and cloud workloads where local code execution may be achievable through another weakness.

Potential Impact

Successful exploitation could allow attackers to steal SSH host private keys, obtain /etc/shadow for offline cracking, impersonate trusted hosts, escalate privileges, and expand access across infrastructure.

How can Orca help?

Orca enables customers to quickly identify assets running vulnerable kernel versions, understand their exposure in context, including internet accessibility, workload criticality, and whether affected assets are reachable or running sensitive workloads, and prioritize remediation based on real risk rather than CVSS alone. Orca’s platform highlights affected assets directly in the newItem view, helping security teams focus on the most critical remediation paths first.