VOOZH

URL: https://www.phoronix.com/news/Linux-ssh-keysign-pwn

⇱ Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users - Phoronix

Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users

Written by Michael Larabel in Linux Kernel on 14 May 2026 at 09:35 PM EDT. 55 Comments

Following Dirty Frag, Fragnesia, and other Linux kernel vulnerabilities making themselves known in recent days, the latest now is ssh-keysign-pwn.

With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today.

👁 ssh-keysign-pwn

The ssh-keysign-pwn was reported by Qualys and fixed by the mainline Linux kernel earlier today. This patch to adjust the kernel's ptrace behavior is what fixes the issue.

More details on ssh-keysign-pwn can be found via this GitHub repository.

Update: Linux 7.0.8 Released & LTS Kernels Updated For ssh-keysign-pwn

55 Comments

Linux 7.2 Slab Changes Include More Performance Optimizations

Initial AMDGPU HDMI 2.1 FRL Support Successfully Merged For Linux 7.2

Linux 7.2 Improves Anonymous/Unnamed Pipe Performance For Shell Pipelines & More

Linux 7.2 Continues Removing Old i486 Code Remnants, Adds Rugged Panther Lake

Cache Aware Scheduling Merged For Linux 7.2 For Boosting Modern Intel & AMD CPUs

Linux 7.2 Introducing The Rust Zerocopy Library To Eliminate More "Unsafe" Code

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages

ReactOS "Open-Source Windows" Reaches The Milestone Of Being Able To Run Half-Life

macOS 27 Beta Breaks The Ability To Boot Asahi Linux

Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware

Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR

YSERVER: Modern X11 Server Written In Rust With The Help Of Claude Code

AMD Opens Pre-Orders For The Linux-Friendly Ryzen AI Halo Developer Platform

Support Phoronix
While Having Ad-Free Browsing,
Single-Page Article Viewing

Legal Disclaimer, Privacy Policy, Cookies | | Contact