DEBIAN-CVE-2026-46333

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2026-46333
Published: 15 May 2026, 14:16
Last modified:15 Jun 2026, 09:01

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 May 2026, 14:16
Published
Vulnerability first disclosed
15 Jun 2026, 09:01
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Systems

  • debianlinux

    all | all | < 5.10.251-5 | < 6.1.172-1 | < 6.12.88-1 | < 7.0.7-1

  • debianlinux-6.1

    all | < 6.1.172-1~deb11u1

References (1)