Linux kernel flaw opens root-only files to unprivileged users

Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs

Another Linux kernel flaw has handed local unprivileged users a way to peek at files they should never be able to read, including root-only secrets such as SSH keys. The bug affects multiple LTS kernel lines from 5.10 upward, although a fix has already landed – and there is now a proposal for reducing the odds of similar surprises in future. What FOSS analytics vendor Metabase memorably dubbed the strip-mining era of open source security continues. This time, the culprit is CVE-2026-46333, a local kernel vulnerability that lets an unprivileged user read files they should not be able to access, including those normally available only to root. An attacker who already has login access to an affected machine could therefore potentially grab SSH keys, password files, or other confidential credentials, as the KnightLi

blog explains.Despite its official designation, a demo

exploit on GitHub calls it ssh-keysign-pwn. It is not quite as catchy a name as Copy

Fail, or Dirty

Linux kernel flaw opens root-only files to unprivileged users

Other newsrooms on this story

Related reading

Linux cryptographic code flaw offers fast route to root

Other newsrooms on this story

Related reading

Linux cryptographic code flaw offers fast route to root

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

The third major Linux kernel flaw in two weeks has been found - thanks to AI

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major…

Privilegienausweitung in Linux: Lokale Nutzer können fremde Dateien lesen

New Fragnesia Linux flaw lets attackers gain root privileges