ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
by 0xdeadbeefnetwork (repo), Qualys (reported kernel bug) · 2026-06-05
- Severity: High
- CVE: CVE-2026-46333
- Category: binary
- Affected product: Linux kernel plus privileged userland binaries (ssh-keysign, chage)
- Affected versions: Kernels prior to upstream fix commit 31e62c2ebbfd (2026-05-14)
- Disclosed: 2026-06-05
- Patch status: patched
Archive entry: intelseclab/poc-archive
Metadata
| Field | Value |
|---|---|
| Date Added | 2026-06-05 |
| Last Updated | N/A |
| Author / Researcher | 0xdeadbeefnetwork (repo), Qualys (reported kernel bug) |
| CVE / Advisory | CVE-2026-46333 |
| Category | binary |
| Severity | High |
| CVSS Score | N/A |
| Status | Patched |
| Tags | LPE, Linux kernel, pidfd_getfd, ptrace, ssh-keysign, chage, fd-theft |
| Related | N/A |
Affected Target
| Field | Value |
|---|---|
| Software / System | Linux kernel plus privileged userland binaries (ssh-keysign, chage) |
| Versions Affected | Kernels prior to upstream fix commit 31e62c2ebbfd (2026-05-14) |
| Language / Platform | C / Linux |
| Authentication Required | Yes (local unprivileged user account) |
| Network Access Required | No (local only) |
Summary
ssh-keysign-pwn demonstrates a local file-descriptor theft primitive on vulnerable Linux kernels. During process exit, a race window appears after exit_mm() but before file descriptors are closed; in that state pidfd_getfd(2) can bypass expected dumpable checks and steal privileged FDs from a dying setuid process. The PoC targets ssh-keysign (host private keys) and chage (/etc/shadow) to show practical local privilege-escalation impact.
Vulnerability Details
Root Cause
The kernel permission path in __ptrace_may_access() did not enforce the dumpable check when task->mm == NULL. In do_exit(), exit_mm() runs before exit_files(), leaving a brief interval where memory context is gone but privileged file descriptors are still open. A same-UID attacker can race pidfd_getfd() in that interval and duplicate those descriptors.
Attack Vector
- Repeatedly spawn a target setuid/helper binary that opens sensitive files before dropping privileges.
- Obtain a pidfd for the child process.
- Aggressively call `pidfd_getfd()` over candidate fd numbers while the child exits.
- Identify duplicated descriptors resolving to sensitive targets (e.g., `/etc/ssh/ssh_host_*_key`, `/etc/shadow`) and read their contents.
Impact
- Exposure of root-only files to unprivileged local users.
- Practical credential/key theft (SSH host keys, password hashes) that can enable broader compromise.
- In environments with vulnerable kernels and affected helper binaries, this is a reliable local privilege-escalation path.
Environment / Lab Setup
OS: Linux distribution with vulnerable kernel (pre-2026-05-14 fix)
Target: setuid helper binaries (`ssh-keysign`, `chage`)
Attacker: local unprivileged shell account
Tools: gcc/make, standard libc, pidfd syscalls
Proof of Concept
Step-by-Step Reproduction
- Build the exploit in an authorized vulnerable lab.
```
gcc -O2 -Wall -o sshkeysign_pwn sshkeysign_pwn.c
```
- Execute as a non-root user and let the race loop run.
```
./sshkeysign_pwn
```
- On success, read stolen key material from stdout.
Exploit Code
See `sshkeysign_pwn.c` in this folder.
Expected Output
```
uid=1000 target=/usr/libexec/ssh-keysign
fd 7 -> /etc/ssh/ssh_host_ed25519_key (round=12 try=143)
-----BEGIN OPENSSH PRIVATE KEY-----
...
```
Screenshots / Evidence
`screenshots/`: placeholder for lab capture output.
Detection & Indicators of Compromise
- Repeated short-lived executions of setuid helpers (`ssh-keysign`, `chage`) by unprivileged users
- High-rate pidfd_open/pidfd_getfd syscall bursts from non-privileged processes
- Unexpected read access patterns to `/etc/ssh/ssh_host_*_key` or `/etc/shadow`
SIEM / IDS Rule (example):
Alert when non-root users generate anomalous bursts of pidfd_getfd syscalls
correlated with repeated spawning of privileged helper binaries.
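The following is an added example of the correlation rule above, written for this page rather than taken from the PoC repository. It scans auditd-style SYSCALL records and flags any non-root uid that, within one short window, both issues a burst of pidfd_getfd syscalls and repeatedly executes one of the privileged helpers named here. The syscall numbers are the x86_64 values (execve=59, pidfd_getfd=438); the helper paths, the thresholds, the window length and every log line are constructed for the example and would be tuned against a real host's baseline.

```python
"""Toy detector for the pidfd_getfd-burst indicator (added example, not PoC code)."""
import re
from collections import defaultdict

# x86_64 syscall numbers as they appear in an auditd SYSCALL record (arch=c000003e).
SYS_EXECVE = 59
SYS_PIDFD_GETFD = 438

# Privileged helpers named on this page; /usr/bin/chage is an assumed path.
PRIVILEGED_HELPERS = {"/usr/libexec/ssh-keysign", "/usr/bin/chage"}

# Thresholds are assumptions for the example; a real deployment tunes them.
WINDOW_SECONDS = 2.0
GETFD_THRESHOLD = 50
EXEC_THRESHOLD = 5

# Note the leading space before uid= so that auid= is not matched by mistake.
RECORD_RE = re.compile(
    r'type=SYSCALL msg=audit\((?P<ts>\d+\.\d+):\d+\): .*?syscall=(?P<nr>\d+) '
    r'.*? uid=(?P<uid>\d+) .*?exe="(?P<exe>[^"]+)"'
)


def parse(line):
    """Return (timestamp, syscall_nr, uid, exe) for a SYSCALL record, else None."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    return float(m["ts"]), int(m["nr"]), int(m["uid"]), m["exe"]


def detect(lines):
    """Return the sorted uids that show both indicators inside one sliding window."""
    events = defaultdict(list)  # uid -> [(timestamp, "getfd" | "exec")]
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, nr, uid, exe = rec
        if uid == 0:
            continue  # the indicator is about non-privileged users
        if nr == SYS_PIDFD_GETFD:
            events[uid].append((ts, "getfd"))
        elif nr == SYS_EXECVE and exe in PRIVILEGED_HELPERS:
            events[uid].append((ts, "exec"))

    flagged = set()
    for uid, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW_SECONDS:
                start += 1
            window = evs[start:end + 1]
            n_getfd = sum(1 for _, kind in window if kind == "getfd")
            n_exec = sum(1 for _, kind in window if kind == "exec")
            if n_getfd >= GETFD_THRESHOLD and n_exec >= EXEC_THRESHOLD:
                flagged.add(uid)
                break
    return sorted(flagged)


def audit_line(ts, nr, uid, exe, serial):
    """Build one constructed auditd SYSCALL record (layout as auditd prints it)."""
    return (f'type=SYSCALL msg=audit({ts:.3f}:{serial}): arch=c000003e syscall={nr} '
            f'success=yes exit=0 items=0 ppid=1 pid={4000 + serial} auid={uid} uid={uid} '
            f'gid={uid} euid={uid} comm="x" exe="{exe}" key="pidfd_watch"')


def build_sample_log():
    """Constructed sample: one racing user, one benign debugger user, root noise."""
    lines, serial, t = [], 1, 1717574400.0
    # uid 1000: six helper spawns interleaved with sixty pidfd_getfd calls in ~1.1 s
    for i in range(6):
        lines.append(audit_line(t + i * 0.2, SYS_EXECVE, 1000, "/usr/libexec/ssh-keysign", serial))
        serial += 1
        for j in range(10):
            lines.append(audit_line(t + i * 0.2 + j * 0.01, SYS_PIDFD_GETFD, 1000,
                                    "/home/alice/racer", serial))
            serial += 1
    # uid 1001: a handful of pidfd_getfd calls from a debugger, no helper spawns
    for j in range(4):
        lines.append(audit_line(t + j * 0.3, SYS_PIDFD_GETFD, 1001, "/usr/bin/gdb", serial))
        serial += 1
    # root: many pidfd_getfd calls, deliberately out of scope for the rule
    for j in range(80):
        lines.append(audit_line(t + j * 0.01, SYS_PIDFD_GETFD, 0, "/usr/sbin/agent", serial))
        serial += 1
    lines.append('type=CWD msg=audit(1717574400.000:999): cwd="/home/alice"')  # skipped
    return lines


if __name__ == "__main__":
    print("flagged uids:", detect(build_sample_log()))
```

Records of this shape are produced by an audit rule that watches the syscall for logged-in non-system users, e.g. `-a always,exit -F arch=b64 -S 438 -F auid>=1000 -F auid!=4294967295 -k pidfd_watch` on x86_64, together with an execve rule for the helper paths; the detector deliberately ignores root so that legitimate supervisors using pidfd_getfd do not trip it, and it requires both indicators in the same window because either one alone (a debugger, or a user running chage -l) is ordinary activity.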
Remediation
| Action | Detail |
|---|---|
| Patch | Upgrade to a kernel release containing fix commit 31e62c2ebbfd (2026-05-14) for CVE-2026-46333 |
| Workaround | Restrict local shell access on vulnerable systems and monitor/block abusive pidfd syscall patterns |
| Config Hardening | Minimize setuid helper exposure; ensure ssh-keysign is only enabled when explicitly required |
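To turn the remediation table into something a host check can assert, here is an added POSIX shell script (written for this page, not part of the PoC repository) with one function per row: a dotted-version comparison for the Patch row, a setuid-bit check on the keysign binary, and a scan of ssh_config for an active `EnableSSHKeysign yes` for the Config Hardening row. The default paths `/usr/libexec/ssh-keysign` and `/etc/ssh/ssh_config` are assumptions, and the minimum kernel version is deliberately a parameter because this page identifies the fix only by commit id; map that commit to your distribution's kernel version before relying on the version check.

```shell
#!/bin/sh
# Host checks for the remediation rows above (added example, not PoC code).
# Every function returns 0 when the host is in the desired state.

# ver_ge HAVE WANT: 0 if dotted numeric version HAVE >= WANT.
# Trailing suffixes such as "-arch1" or "-generic" are ignored.
ver_ge() {
    have="$(printf '%s' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*).*/\1/')"
    want="$(printf '%s' "$2" | sed -E 's/^([0-9]+(\.[0-9]+)*).*/\1/')"
    old_ifs=$IFS
    IFS=.
    set -- $have; h1=${1:-0}; h2=${2:-0}; h3=${3:-0}
    set -- $want; w1=${1:-0}; w2=${2:-0}; w3=${3:-0}
    IFS=$old_ifs
    if [ "$h1" -gt "$w1" ]; then return 0; elif [ "$h1" -lt "$w1" ]; then return 1; fi
    if [ "$h2" -gt "$w2" ]; then return 0; elif [ "$h2" -lt "$w2" ]; then return 1; fi
    if [ "$h3" -ge "$w3" ]; then return 0; else return 1; fi
}

# keysign_not_setuid [PATH]: 0 if the binary is absent or lacks the setuid bit.
# (ssh-keysign only works setuid, so "not setuid" means the helper is disabled.)
keysign_not_setuid() {
    f="${1:-/usr/libexec/ssh-keysign}"   # assumed default path
    if [ ! -e "$f" ]; then return 0; fi
    if [ -u "$f" ]; then return 1; else return 0; fi
}

# keysign_disabled_in_config [PATH]: 0 unless an uncommented
# "EnableSSHKeysign yes" is present (keywords are case-insensitive).
keysign_disabled_in_config() {
    cfg="${1:-/etc/ssh/ssh_config}"       # assumed default path
    if [ ! -r "$cfg" ]; then return 0; fi
    if grep -Eiq '^[[:space:]]*EnableSSHKeysign[[:space:]]+yes' "$cfg"; then
        return 1
    else
        return 0
    fi
}

# run_checks MIN_KERNEL_VERSION: print PASS/FAIL for the live host.
run_checks() {
    min="$1"
    if ver_ge "$(uname -r)" "$min"; then echo "PASS kernel $(uname -r) >= $min"
    else echo "FAIL kernel $(uname -r) < $min (CVE-2026-46333 fix may be missing)"; fi
    if keysign_not_setuid; then echo "PASS ssh-keysign is absent or not setuid"
    else echo "FAIL ssh-keysign is setuid; confirm it is required"; fi
    if keysign_disabled_in_config; then echo "PASS EnableSSHKeysign not enabled"
    else echo "FAIL EnableSSHKeysign yes is active in ssh_config"; fi
}

# Usage (the version below is a placeholder, not the real fixed release):
#   ./remediation_check.sh 6.99   ->  run_checks 6.99
if [ "${1:-}" != "" ]; then run_checks "$1"; fi
```

Run it with the fixed kernel version for your distribution as the single argument; a host that passes all three rows has the patched kernel and, where hostbased authentication is not needed, no reachable setuid ssh-keysign to race against in the first place.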
References
- Source Repository: 0xdeadbeefnetwork/ssh-keysign-pwn
- CVE-2026-46333 (NVD)
- Linux fix commit 31e62c2ebbfd (Torvalds tree)
- Jann Horn post on FD-theft shape (2020)
Notes
Auto-ingested from https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn on 2026-06-05.
The upstream repository also includes chage_pwn.c, a second PoC that races privileged /etc/shadow file descriptors from chage -l.