DigiNews

Summary

The article explains a Linux kernel vulnerability exploited by ssh-keysign-pwn, where an unprivileged user can read root-owned files due to a window after exit_mm in which pidfd_getfd can succeed if the caller's UID matches the target. It documents PoC targets such as SSH host keys and /etc/shadow, notes the bug was reported by Qualys and fixed by Linus on 2026-05-14, and covers affected distributions. It underscores the importance of kernel patches and careful PIDFD usage for SMBs and IT teams.