Another new vulnerability found in Linux Kernel: ssh-keysign-pwn

Another vulnerability, ssh-keysign-pwn, has been identified. This allows unprivileged users to read root-owned files. Not write, but read. This is done via ptrace.

Raspberry Pi OS Bookworm 6.12.75, Debian 13, Ubuntu 22.04 / 24.04 / 26.04, Arch, CentOS 9 and others are all infected.
Debian 13 with SELinux enabled does not appear to be impacted.

Its patch was committed yesterday into the Linux Kernel. Not sure whether it has been pushed out to Arch, Debian and others.

A CVE ID has not been assigned to this as of this posting. This is the third in the recent list of such exploits.

No mitigation is known as of writing this, apart from uninstalling PTRACE. Possibly STRACE too.

Update 1: CVE-2026-46333 has been assigned to this.

Not sure whether this was identified using an LLM/GenAI solution.

There does not seem to be an embargo period for this either, just like . It looks like embargoes are a thing of the past.

Seven new stable kernels with patches for CVE-2026-46333

Keep calm
and update
your stuff

That’s what I really hate about the newest developments. Do the people not care? Don’t they know better? Their AI should tell them better.

The vulnerability that is fixed by https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
seems to be very old. I assume at that point in time there were no AI tools available to scan the source code.

This is one of the advantages of AI. We will probably see more vulnerabilities being detected within the next couple of weeks. And this is good.

It would be good with responsible disclosure. But yeah, finding and fixing them is better than not.

Wondering if my old rpi3 with the 6.1.21 kernel is affected…
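Added example, not part of the thread and not from the kernel project: a small POSIX sh check that answers the "is my kernel affected?" question the way a practitioner would, by matching the running kernel's stable branch (e.g. 6.1, 6.12) against a list of fixed stable releases and comparing the numeric version. The versions in FIXED_VERSIONS are hypothetical placeholders, since the thread does not list the seven fixed stable kernels; replace them with the releases named in the actual kernel.org announcement for CVE-2026-46333.

```shell
#!/bin/sh
# Hypothetical placeholder list; the thread does not give the real fixed releases.
# Format: one "major.minor.patch" per stable branch that received the fix.
FIXED_VERSIONS="6.1.160 6.6.120 6.12.80 6.18.10 7.0.5"

# branch_of "6.12.75-v8+" -> "6.12"  (the stable branch a release belongs to)
branch_of() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'
}

# base_of "6.12.75-v8+" -> "6.12.75"; "6.1" -> "6.1.0"
# Strips distro suffixes such as -arch2-1, -v8+, -generic before comparing.
base_of() {
    v=$(printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){1,2}).*/\1/')
    case "$v" in
        *.*.*) printf '%s\n' "$v" ;;
        *)     printf '%s.0\n' "$v" ;;
    esac
}

# version_ge A B: succeeds (exit 0) when A >= B, comparing the three numeric
# components; a plain string compare would rank 6.1.9 above 6.1.21.
version_ge() {
    a=$(base_of "$1"); b=$(base_of "$2")
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# check_kernel VERSION prints exactly one word:
#   fixed       running version is at or after the fixed release on its branch
#   vulnerable  the branch has a fixed release and this version predates it
#   unknown     no fixed release listed for this branch (EOL branch, or a
#               vendor kernel whose version string does not track upstream)
check_kernel() {
    running="$1"
    rb=$(branch_of "$running")
    for f in $FIXED_VERSIONS; do
        if [ "$(branch_of "$f")" = "$rb" ]; then
            if version_ge "$running" "$f"; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown
}

# Check the kernel this script is running on.
check_kernel "$(uname -r)"
```

One caveat this check cannot resolve: Debian, Ubuntu and CentOS backport fixes into their own kernel packages without bumping the upstream version, so "vulnerable" or "unknown" for a distro kernel means "consult the distribution's advisory", not "definitely unpatched". Only an upstream stable or Arch-style kernel, where the version string tracks kernel.org, gives a reliable "fixed".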

I was talking about following responsible disclosure, which seems to be disregarded in exchange for clout

So, thanks to AI, I have been updating the kernel twice today (now at 7.07.-arch2-1).
What if this is just due to AI hallucinating?

It’s not impossible but I hope a human did code review as well.

That version already has the patch.

People are not writing patches against AI hallucinations. AI has become good enough to find these things, so there’s an understandable inrush of reports on huge and longstanding codebases. It’s a phase, we will get through it, it will settle down again.

Yes, but my point was that normally I don't get kernel updates twice a day, as far as I remember. It is getting to the point where it is getting ridiculous, and I am just not sure this is really necessary. And I am not convinced AI is good enough (yet).

Well they wouldn’t be patching nothing. Would they?

But would they do that if AI had not "told them" to do just that?

Computers have told humans about bugs for decades, it’s just a new, powerful algorithm sifting through the code. What would be the alternative, ignoring these bugs?

My point was: does this algorithm really find bugs, or is it based on wrong information?

Well, as I said, they wouldn’t fix something that wasn’t a bug.

But was it a bug? I mean, are you sure it was?

If they were equally good at finding the bug themselves, they surely should :sweat_smile:

The first link in the first post in this thread has a gif showing the vulnerability in action.