Read root-owned files as an unprivileged user. Pre-31e62c2ebbfd kernels (everything in stable as of 2026-05-14).

The bug

__ptrace_may_access() skips the dumpable check when task->mm == NULL. do_exit() runs exit_mm() before exit_files() — no mm, fds still there. pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's.

Reported by Qualys, fixed by Linus 2026-05-14. Jann Horn flagged the FD-theft shape in October 2020. Six years.

Mitigation

Don't run your PC if you don't need it. Lock yourself in and look over your shoulder …

Fix

Linus Torvalds himself patched the kernel. We have to see when we patch our supported kernels …

More info

GitHub - 0xdeadbeefnetwork/ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.
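A toy user-space model of the mm == NULL window this post describes, added here as an example; it is not kernel code and not from the post or the linked repository. All struct and function names are made up for the model, and may_access_strict is a hypothetical stricter check, not the upstream fix.

```c
/* Toy user-space model of the exit-time window; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define SUID_DUMP_USER 1            /* value the kernel uses for "dumpable" */
struct mm    { int dumpable; };     /* the dumpable flag hangs off the mm */
struct files { int nr_open; };      /* stand-in for the fd table */
struct task  { unsigned uid; struct mm *mm; struct files *files; };
/* As described in the post: uids must match, and the dumpable check
 * only runs while the task still has an mm. */
int may_access_model(unsigned caller_uid, const struct task *t)
{
    if (caller_uid != t->uid) return -EPERM;
    if (t->mm && t->mm->dumpable != SUID_DUMP_USER) return -EPERM;
    return 0;                       /* mm == NULL falls through to here */
}

/* Hypothetical stricter check (NOT the upstream fix): with no mm the
 * dumpable state is unknown, so deny. */
int may_access_strict(unsigned caller_uid, const struct task *t)
{
    if (caller_uid != t->uid) return -EPERM;
    if (!t->mm || t->mm->dumpable != SUID_DUMP_USER) return -EPERM;
    return 0;
}

/* The two teardown steps, in the order do_exit() runs them. */
void exit_mm_model(struct task *t)    { t->mm = NULL; }
void exit_files_model(struct task *t) { t->files = NULL; }

/* True when the caller passes the check and fds are still open. */
bool fds_reachable(int (*check)(unsigned, const struct task *),
                   unsigned caller_uid, const struct task *t)
{
    return check(caller_uid, t) == 0 && t->files && t->files->nr_open > 0;
}

int main(void)
{
    struct mm m = { 0 }; struct files f = { 3 };  /* constructed sample */
    struct task t = { 1000, &m, &f };             /* non-dumpable task */
    int alive = fds_reachable(may_access_model, 1000, &t);
    exit_mm_model(&t);              /* mm gone, fd table still present */
    printf("alive=%d window=%d strict=%d\n", alive,
           fds_reachable(may_access_model, 1000, &t),
           fds_reachable(may_access_strict, 1000, &t));
    return 0;
}
```

The model shows why the window exists: the dumpable state is reached through the mm, so once exit_mm() has run there is nothing left for the check to consult while the fd table is still populated.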