CVEFinder.io

CVE-2026-46333

⚠️ high
🔍 Scan for this CVE
Summary

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other thi

Description

In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of
the task - the concept comes from whether it can core dump or not - and
makes no sense when you don't have an associated mm.

And almost all users do in fact use it only for the case where the task
has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to
check various other things entirely independently of the MM (typically
explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for
threads that no longer have a VM (and maybe never did, like most kernel
threads).

It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to
be uid-0 to see kernel thread details, but this means that the
traditional "drop capabilities" model doesn't make any difference for
this all.

Make it all make a *bit* more sense by saying that if you don't have a
MM pointer, we'll use a cached "last dumpability" flag if the thread
ever had a MM (it will be zero for kernel threads since it is never
set), and require a proper CAP_SYS_PTRACE capability to override.

CVSS Score
7.1
High
EPSS Score
1.4
Exploit Probability
Published Date
2026-05-15
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 53.2% of all 335,187 vulnerabilities in our database.

#156,714
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 21, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-07-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)

📦 Affected Products 12

🔗 References 41

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-14355 🔶 medium 5.6 0.3 In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo... 2026-07-03
CVE-2026-53325 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd6... 2026-06-29
CVE-2026-53278 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocat... 2026-06-26
CVE-2026-53279 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktrail_lvds: fix hang on init failure ... 2026-06-26
CVE-2026-53280 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_de... 2026-06-26
CVE-2026-53281 ⚠️ high 8.8 0.1 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refco... 2026-06-26
These CVEs affect the same products