Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
9 points by fro
Also this write-up:
https://www.linkedin.com/pulse/ptracemaydream-cve-2026-46333-forgotten-too-soon-full-oldani-i0ghf
Finally! Yay :)
It's interesting that the first two exploitable programs listed are chage and ssh-keysign - exactly the ones used by the public PoC. I wonder if this is a coincidence, or if there aren't that many exploitable setuid binaries on a normal install.
I wonder if there's an easter egg lurking in these example crypt hashes.