cbcvebase.
CVE-2026-46333
published 2026-05-15

CVE-2026-46333: In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally…

PriorityP343high7.1CVSS 3.1
AVLACLPRLUINSUCHIHAN
EXPLOIT
EPSS
1.24%
65.5th percentile
In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Affected

77 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
linuxlinux
linuxlinux
linuxlinux
linuxlinux
linuxlinux
linuxlinux>= 3.16.52 < 3.173.17
linuxlinux>= 4.4.40 < 4.54.5
linuxlinux>= 4.8.16 < 4.94.9
linuxlinux>= 4.9.1 < 4.104.10
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd693d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 15b828a46f305ae9f05a7c16914b3ce27347420515b828a46f305ae9f05a7c16914b3ce273474205
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 4709234fd1b95136ceb789f639b1e7ea5de1b1814709234fd1b95136ceb789f639b1e7ea5de1b181
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea78f907d345bae8f4b3f004c5abc56bf2dfb851ea7
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d2a93a4fac7b6051d3be7cd1b015fe7320cd0404d
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 01363cb3fbd0238ffdeb09f53e9039c9edf8a73001363cb3fbd0238ffdeb09f53e9039c9edf8a730
linuxlinux>= bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel>= 3.16.52 < 3.173.17
linuxlinux_kernel>= 4.4.40 < 4.54.5
linuxlinux_kernel>= 4.8.16 < 4.94.9

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vendor_ubuntu8.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.