CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

Qualys TRU disclosed CVE-2026-46333, a critical Linux kernel logic flaw in __ptrace_may_access() combined with pidfd_getfd that allows local unprivileged users to capture file descriptors and escalate to root or exfiltrate sensitive files (e.g., /etc/shadow and SSH host keys). The issue dates to mainline kernel v4.10-rc1 (Nov 2016), working exploits covering common setuid binaries and daemons are circulating, vendor patches and mitigations (raise kernel.yama.ptrace_scope to 2) are available, and operators should apply vendor kernel updates and rotate exposed credentials.