Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

A nine-year-old Linux kernel ptrace flaw (CVE-2026-46333) allows unprivileged local users to capture file descriptors from setuid processes using pidfd_getfd, enabling theft of SSH host private keys and /etc/shadow and, in some cases, full local privilege escalation; Qualys TRU developed PoCs and working exploits (ssh-keysign, chage, pkexec, accounts-daemon), patches and distribution updates are available, and interim mitigation is raising kernel.yama.ptrace_scope to 2.