{"id":237558,"date":"2026-05-22T03:15:28","date_gmt":"2026-05-22T08:15:28","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/05\/9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros"},"modified":"2026-05-22T03:15:28","modified_gmt":"2026-05-22T08:15:28","slug":"9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/05\/9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros","title":{"rendered":"9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/9-year-old-linux-kernel-flaw-enables-root-command-execution-on-major-distros.gif\"><\/a><\/p>\n<p>Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/thehackernews.com\/2026\/05\/dirtydecrypt-poc-released-for-linux.html\">CVE-2026\u201346333<\/a> (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. It\u2019s also codenamed ssh-keysign-pwn.<\/p>\n<p>According to Qualys, which discovered the flaw, the problem is rooted in the kernel\u2019s __ptrace_may_access function and was introduced in November 2016.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026\u201346333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-237558","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=237558"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237558\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=237558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=237558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=237558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}