A fourth vulnerability has hit the kernel [ssh-keysign-pwn]
Posted by Amomynou5@reddit | sysadmin | View on Reddit | 25 comments
Allows unprivileged users to read files owned by root. Affects all stable kernels as of 2026-05-14.
PoC: https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
WatTambor420@reddit
Hopefully this is a sign to slow down with vibe coding the kernel lol.
Wonder if Linus is uninvolved with the kernel these days, or if they’re just having a really, really bad stretch.
Demented_CEO@reddit
Let's be honest, Linux was never meant to be a secure OS and projects like SELinux are shrugged off for being "too hard" to implement. You can't have security with the same convenience, it'll require quite a bit of discipline as well.
A great example is the philosophy behind OpenBSD, taking correctness very seriously and coming with sensible security defaults and a more robust privilege escalation method (doas vs. sudo). We'd need more of that in Linux.
Hotshot55@reddit
Maybe 10 years ago.
frymaster@reddit
The bug being patched has existed for many years
The patch linked in OP literally has his name on it
synept@reddit
The kernel is not being vibe coded, vulnerabilities are being found that have existed for many years.
BananaSacks@reddit
It looks like my 2024 gamble to get out of 'Big Corp' and retire my 'Big-Boy pants' is paying off.
I don't miss this. Not one bit.
Hats of to ye who have to keep the ships afloat.
IJustLoggedInToSay-@reddit
I think about this all the time, but I would miss eating...
speaksoftly_bigstick@reddit
Counting down the days... Seems so far off when those "days" are actually "years" 😆
BananaSacks@reddit
It's like xmas when we were kids. Pencil it into the calendar, and forget about it. Time flies. It will catch up with you before you know it!
opinionsOnPears@reddit
None of this started happening until they made Linus go to anger management.
brontide@reddit
This one is a little more limited in scope, thankfully. You need a vulnerable kernel, vulnerable suid apps on the device, and good timing. The software must take actions in a specific order to leave the file descriptor vulnerable. Basically it has to open the file and drop privileges before closing the file. The calling process can then kill the process ( with the user privs ) and read the file descriptor if the timing was right.
Darkk_Knight@reddit
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo reboot
done.
purplemonkeymad@reddit
Perhaps I should be putting that cron.hourly now.
homing-duck@reddit
That won’t protect you from 0-days. We have implemented the following.
Chellhound@reddit
Good idea - now to just translate that into group policy for my AD domain...
JerikkaDawn@reddit
I got the reference!!! 😂
Solkre@reddit
Yeah I need that on everything!
mouringcat@reddit
Someone may turn it back on. May I suggest filling it with cement and drop it in the ocean…
ADL-AU@reddit
Don’t even need to do that. Ansible will just kick in and do it all for us.
NoDistrict1529@reddit
Oh.
liberovento@reddit
Oh my god again. Please, please I need rest I’m tired
Solkre@reddit
Well that’s just too damn bad!
progenrule@reddit
patching cadence cant keep up anymore
Specialist_Cow6468@reddit
I’m tired, boss
W3tTaint@reddit
Vacation time.