惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
D
DataBreaches.Net
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Visual Studio Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
S
Secure Thoughts
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
V2EX - 技术
V2EX - 技术
腾讯CDC
GbyAI
GbyAI
G
Google Developers Blog
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
Schneier on Security
Schneier on Security
Microsoft Security Blog
Microsoft Security Blog
Jina AI
Jina AI
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
MyScale Blog
MyScale Blog
Help Net Security
Help Net Security
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
AI
AI
MongoDB | Blog
MongoDB | Blog
Scott Helme
Scott Helme
J
Java Code Geeks
Engineering at Meta
Engineering at Meta
H
Heimdal Security Blog
H
Help Net Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
S
Security Affairs
TaoSecurity Blog
TaoSecurity Blog
The GitHub Blog
The GitHub Blog
Hacker News: Ask HN
Hacker News: Ask HN
Martin Fowler
Martin Fowler
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Last Week in AI
Last Week in AI

Ubuntu blog

MAAS installation: bare metal provisioning is easier than ever | Ubuntu Januscape vulnerability CVE-2026-53359 mitigations available | Ubuntu Managing Ubuntu on bare metal at scale Ubuntu Server: a platform made for enterprise scale | Ubuntu Building an open source chain of trust: new research uncovers key blockers and ways forward | Ubuntu Beyond safety and security: Why automotive open source demands dependability  | Ubuntu DirtyClone Linux kernel local privilege escalation vulnerability fixes available | Ubuntu pedit COW kernel local privilege escalation vulnerability mitigations | Ubuntu Canonical becomes Gold Sponsor of Trifecta Tech Foundation | Ubuntu Challenges designers face in open source (and how to fix them) | Ubuntu Hunting a 16-year-old SQLite bug with TLA+: is dqlite affected? | Ubuntu Anbox Cloud on C4A metal: Android, at scale, without friction | Ubuntu Canonical announces live kernel patching for Arm64 | Ubuntu How to use RISC-V custom instructions with Ubuntu | Ubuntu Ubuntu Summit 26.04: connected by open source | Ubuntu So you need to add microcontrollers to your fleet: now what? | Ubuntu Validating real-world skills through Canonical Academy | Ubuntu Virtualized Android comes to Anbox Cloud | Ubuntu Template: Streamlining open source design contributions | Ubuntu Beyond Mythos: responding to a new threat landscape | Ubuntu A look into Ubuntu Core 26: Building a local AI inference appliance in a virtual machine | Ubuntu A decade of Ubuntu on IBM Z and IBM LinuxONE | Ubuntu AI at the edge: simplifying infrastructure with Cisco and Canonical | Ubuntu The next era of telco clouds: get open infrastructure choice with Sylva and Canonical Kubernetes | Ubuntu What is RDMA over Converged Ethernet (RoCE)? | Ubuntu Beyond tokens per watt – using Ubuntu 26.04 LTS for AI | Ubuntu A look into Ubuntu Core 26: Deploying AI models on Renesas RZ/V series for production | Ubuntu RISC-V profiles – why is RVA23 significant? | Ubuntu AI with AMD ROCm on Ubuntu: your questions answered | Ubuntu Ubuntu and Ubuntu Pro on Azure Cobalt 200 VMs | Ubuntu What is InfiniBand? | Ubuntu How Canonical Support solves hard Linux performance bugs  – even in 12-year old code | Ubuntu Securing AI agent workflows on Ubuntu with the new NVIDIA OpenShell snap | Ubuntu Canonical announces optimized Ubuntu images for TPU virtual machines by Google Cloud | Ubuntu VMware hypervisor deployment using MAAS | Ubuntu Migrating from Apache Spark 3 to Spark 4 | Ubuntu Introducing Workshop: launch sandboxed development environments on Ubuntu with a single command | Ubuntu Run agentic workloads on Arm and Ubuntu | Ubuntu Decoding design: How design and engineering thrive together in open source | Ubuntu Developing web apps with local LLM inference | Ubuntu PinTheft Linux kernel vulnerability mitigation | Ubuntu Canonical announces fully Managed Kubeflow AI operations platform on the Microsoft Azure Marketplace | Ubuntu A look into Ubuntu Core 26: Cloud-powered edge computing with AWS IoT Greengrass and Azure IoT Edge | Ubuntu Finding the blind spot: How Canonical hunts logic flaws with AI | Ubuntu Fragnesia Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Rethinking BYOD security: protecting data without trusting devices | Ubuntu Dirty Frag Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Three weeks to go: A sneak peek of the Ubuntu Summit 26.04 experience | Ubuntu How to use Ubuntu on Windows | Ubuntu Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability | Ubuntu Run NVIDIA Nemotron 3 Nano Omni locally in a single command | Ubuntu Why Web Engineering is great | Ubuntu Ubuntu 16.04 LTS has reached the end of standard Expanded Security Maintenance with Ubuntu Pro. Here are your options. | Ubuntu Understanding disaggregated GenAI model serving with llm-d | Ubuntu From Jammy to Resolute: how Ubuntu’s toolchains have evolved | Ubuntu Hybrid search and reranking: a deeper look at RAG | Ubuntu Canonical expands Ubuntu support to next-generation MediaTek Genio 520 and 720 platforms | Ubuntu Intentional leadership at Canonical | Ubuntu Ubuntu Pro comes to Nutanix bare-metal Kubernetes | Ubuntu RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu Ubuntu Summit 26.04 is coming: Save the date and share your story! | Ubuntu How to manage Ubuntu fleets using on-premises Active Directory and ADSys | Ubuntu Simplify bare metal operations for sovereign clouds | Ubuntu How to Harden Ubuntu SSH: From static keys to cloud identity | Ubuntu The “scanner report has to be green” trap | Ubuntu Modern Linux identity management: from local auth to the cloud with Ubuntu | Ubuntu Canonical welcomes NVIDIA’s donation of the GPU DRA driver to CNCF | Ubuntu Hot code burns: the supply chain case for letting your containers cool before you ship | Ubuntu
CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations | Ubuntu
Luci Stanesc · 2026-05-20 · via Ubuntu blog

An information disclosure security vulnerability in the Linux kernel was publicly disclosed on May 15th, 2026. The vulnerability was reported by Qualys and fixed in the mainline Linux kernel tree. A proof-of-concept exploit was published soon after public disclosure. The ID CVE-2026-46333 was assigned, but the vulnerability is also referred to as “ssh-keysign-pwn”, based on the proof-of-concept exploit.

The vulnerability is a race condition that can result in the disclosure of sensitive files to unprivileged local users. The exploit demonstrates this by disclosing the contents of the /etc/shadow file (containing hashed local user passwords) and OpenSSH server host private keys (which could facilitate SSH on-path attacks or impact SSH host-based authentication).

CVE-2026-46333 has been assigned a CVSS 3.1 score of 5.5 by CISA, corresponding to a severity of Medium. Canonical agrees with this assessment. The Ubuntu Priority assigned is High, due to the disclosure of sensitive local information to unprivileged users.

Linux kernel package updates are available that fix these vulnerabilities. This blog had been published on the day the vulnerability was publicly disclosed, describing mitigations that disable the  ability to exploit the vulnerability, at a cost of being unable to run debugging tools (such as gdb and gcore) as unprivileged users. The mitigations are no longer necessary if the Linux kernel updates are applied.

Impact

The vulnerability allows disclosure of files opened by a suid or sgid executable to an unprivileged attacker that invokes the suid or sgid executable. The race condition occurs as the privileged process exits, which requires the executable to keep the sensitive files open when exiting. During a short window, an unprivileged attacker can inspect an invoked privileged process using the ptrace() system call.

The demonstrated exploits include:

  • The ability to read the contents of the /etc/shadow file via the sgid /usr/bin/chage. The file contains hashed local user passwords and would require an additional brute-force attack in order to retrieve the plain-text passwords. The algorithms used by Ubuntu are considered strong against such attacks, but require passwords that conform to current best practices.
  • The ability to read the OpenSSH server host private keys via the suid /usr/lib/openssh/ssh-keysign. These are used by the OpenSSH server to prove its identity to clients and ensure that an on-path attack does not compromise SSH connections. Additionally, the OpenSSH host keys are used for host-based authentication and their disclosure could lead to user impersonation on deployments that use this uncommon authentication method.

On container deployments, the information that can be disclosed is strictly within the confines of the container and, generally, unlikely to be useful to an attacker.

Affected releases

In Ubuntu, the vulnerability fix is distributed through the Linux kernel image packages. Before the Linux kernel security updates were available, this blog post described a mitigation that can be applied in the instructions below. The mitigation will impact debuggers, such as gdb. The mitigation is no longer necessary if the Linux kernel updates are applied.

ReleasePackage NameFixed Version
Trusty Tahr (14.04 LTS)linuxNot affected
Xenial Xerus (16.04 LTS)linuxNot affected
Bionic Beaver (18.04 LTS)linuxNot affected
Focal Fossa (20.04 LTS)linuxOnly 5.15 kernel versions were affected. Fixed version: 5.15.0-181.191~20.04.1

5.4 kernels versions are not affected

Jammy Jellyfish (22.04 LTS)linuxLinux 5.15: 5.15.0-181.191
Linux 6.8 (HWE): 6.8.0-124.124~22.04.1
Noble Numbat (24.04 LTS)linuxLinux 6.8: 6.8.0-124.124
Linux 6.17 (HWE): 6.17.0-35.35~24.04.1
Questing Quokka (25.10)linux6.17.0-35.35
Resolute Raccoon (26.04 LTS)linux7.0.0-22.22

How to check if you are impacted

On your system, run the following command to get the version of the currently running kernel and compare the listed version to the corresponding table above.

uname -r

The list of installed kernel packages can be obtained using the following command:

dpkg -l 'linux-image*' | grep ^ii

Security updates

We recommend you upgrade all packages:

sudo apt update && sudo apt upgrade

If this is not possible and the Linux kernel is installed via a meta package, its update can be targeted directly:

sudo apt update
dpkg-query -W -f '${source:Package}\t${binary:Package}\n' | awk '$1 ~ "^linux-meta" { print $2 }' | xargs sudo apt install --only-upgrade

Once the security updates for the Linux kernel are installed, a reboot is required:

sudo reboot

The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:  

  • Applies new security updates every 24 hours automatically.
  • If you have this enabled, the patches above will be automatically applied within 24 hours of being available, but a reboot is still required.

Manual mitigation

Update: Linux kernel security updates that fix the vulnerability are now available. The mitigations described in this section are no longer needed and should only be applied if the Linux kernel cannot be updated. If you have previously configured the mitigations, please follow the instructions in the ‘Disabling the mitigation’ section below.

The mitigation disables the ability of unprivileged users to attach to other processes using the ptrace() system call. This is generally used by debuggers. The kernel.yama.ptrace_scope sysctl can be used to restrict the situations in which the affected system call can be used. On Ubuntu, the sysctl parameter defaults to the value 1, which imposes an ancestor-descendant relationship between the attacker’s process and the victim. The scope can be further restricted with one of the following values:

  • 2: this disallows the use of the ptrace() system call for users without the CAP_SYS_PTRACE privilege, which is the case for most users. As such, an attacker would not normally have this capability,. Debugging tools that utilize ptrace, such as gdb and gcore, will be impacted for unprivileged users.
  • 3: this disables attaching to processes using ptrace() altogether. Debugging tools that utilize ptrace, such as gdb and gcore, will be impacted for all users, including privileged ones.

Please note that if the sysctl is set to the value 3, it cannot be changed without a system reboot.

The following instructions change the currently running value of the kernel.yama.ptrace_scope sysctl and configure a drop-in file (/etc/sysctl.d/99-CVE-2026-46333.conf) to retain the value across reboots. We consider setting the to the value 2 to be a sufficient mitigation. If you wish to use the value 3, you can adjust the command accordingly.

echo kernel.yama.ptrace_scope=2 | sudo tee /etc/sysctl.d/99-CVE-2026-46333.conf
sudo sysctl -p /etc/sysctl.d/99-CVE-2026-46333.conf

Disabling the mitigation

Once kernel updates are installed, the mitigation can be removed:

sudo rm /etc/sysctl.d/99-CVE-2026-46333.conf
sudo sysctl kernel.yama.ptrace_scope=1

We recommend you do not set this parameter to the value 0, as doing so would disable the protections provided by the feature, as explained here.