New Linux kernel flaw ssh-keysign-pwn & ModuleJail, a way to limit the impact of similar bugs

Another day, another CVE, CVE-2026-46333.

Another Linux kernel flaw has handed local unprivileged users a way to peek at files they should never be able to read, including root-only secrets such as SSH keys.

The good news is there is now a way to minimize the risk of this kind of bug: ModuleJail.

The top line of the README summarizes it:

A single POSIX shell script that shrinks a Linux host’s kernel-module attack surface by writing a modprobe.d blacklist for every kernel module not currently in use, minus a built-in baseline and an optional sysadmin whitelist. No daemons, no initramfs changes, no AI inside the tool. One script, one run, one blacklist file.
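To make the README's one-liner concrete, here is an added POSIX shell sketch of the same idea (it is not ModuleJail's own script, and its baseline list, the whitelist path `/etc/modulejail.whitelist` and the output file name under `/etc/modprobe.d/` are assumptions for the example): take every module installed for the running kernel, subtract the ones currently loaded, a baseline and an admin whitelist, and print `blacklist` lines for the rest. The `demo` function runs the set arithmetic on constructed module names so it works offline; the normalisation step matters because module files may use `-` where `/proc/modules` shows `_`.

```shell
#!/bin/sh
# Added example of a ModuleJail-style blacklist generator; not the project's code.
# blacklist = available - (loaded + baseline + whitelist), emitted as modprobe.d lines.
set -u
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# Constructed baseline for this example; the real tool's baseline is not shown here.
BASELINE='ext4
xfs
overlay
nf_conntrack
usb_storage'

# One module name per line: '-' -> '_', comments/blank lines dropped, sorted unique.
normalize() {
    tr '-' '_' | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                     -e '/^$/d' | sort -u
}

# Modules installed for the running kernel (the "available" set).
available_modules() {
    find "/lib/modules/$(uname -r)" -name '*.ko*' 2>/dev/null |
        sed -e 's#.*/##' -e 's/\.ko.*$//' | normalize
}

# Modules currently loaded (first column of /proc/modules).
loaded_modules() {
    cut -d' ' -f1 /proc/modules | normalize
}

# modulejail_blacklist AVAILABLE LOADED BASELINE WHITELIST
# Each argument is a newline-separated list; prints "blacklist <name>" per module.
modulejail_blacklist() {
    keep=$(mktemp) || return 1
    printf '%s\n%s\n%s\n' "$2" "$3" "$4" | normalize > "$keep"
    printf '%s\n' "$1" | normalize | comm -23 - "$keep" | sed 's/^/blacklist /'
    rm -f "$keep"
}

# Offline run on constructed names: only modules in no other set survive.
demo() {
    avail='ext4
xfs
overlay
usb-storage
nf_conntrack
floppy
pcspkr
dccp
sctp
vfat'
    loaded='ext4
overlay
vfat'
    whitelist='sctp   # admin keeps SCTP for a cluster node'
    modulejail_blacklist "$avail" "$loaded" "$BASELINE" "$whitelist"
}

# Real host: --demo prints the constructed run; --write needs root and writes the
# blacklist file (assumed path) for the running kernel.
case "${1:-}" in
    --demo)  demo ;;
    --write) modulejail_blacklist "$(available_modules)" "$(loaded_modules)" "$BASELINE" \
                 "$(cat /etc/modulejail.whitelist 2>/dev/null)" \
                 > /etc/modprobe.d/modulejail-blacklist.conf ;;
esac
```

One check worth doing after a run: a `blacklist` entry in modprobe.d stops alias-based autoloading, but an explicit `modprobe name` by root still succeeds, so review the generated file before relying on it, and re-run the script after kernel updates or hardware changes so a newly needed module is not left blocked.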

@marel:

Here on Tumbleweed → “kernel-default” changelog:

* Fri May 15 2026 ddiss@suse.de
- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit 67ebcde

The references in the SUSE <CVE-2026-46333 - ptrace: slightly saner ‘get_dumpable()’ logic> don’t currently point to the Tumbleweed repair, but it has happened anyway, with the snapshot 20260516 released during the evening of the 17th of May this year, with the Kernel update from version 7.0.6 to version 7.0.7 …

  • And, the reference “bsc#1265308” appears in various SUSE Security Advisories