Linux kernel vulnerability (CVE-2026-46333)

Posted: Fri, 15 May 2026 22:43 PM UTC
Fri, 15 May 2026 18:43 PM EDT
Last Update: Mon, 18 May 2026 05:07 AM UTC
Mon, 18 May 2026 01:07 AM EDT
Status: Closed

Mon, 18 May 2026 01:52 AM UTC: Extended the mitigation option to describe yama.ptrace_scope.

---

A serious Linux kernel vulnerability has been publicly disclosed:

http://www.openwall.com/lists/oss-security/2026/05/15/9

This issue has been allocated CVE-2026-46333. It targets kernel setuid binaries via kernel ptrace system calls. It affects all servers running recent Linux kernels.

In practical terms, if an actor can run code inside a vulnerable VPS, for example through a compromised website, shell account, or application, this bug may allow them to read files owned by the root user.

Mitigations

Where a server is using a modular kernel, you should also check with the distributor as soon as possible for updates and additional mitigation steps.

On RimuHosting VPSs, it is possible to block this attack by preventing user accounts from accessing ptrace functionality. Running the following command will block that access until the next reboot. The setting's normal default value is 1.

sysctl -w kernel.user_ptrace=0

Another mitigation is below. Typical system default value is 0.

sysctl -w kernel.yama.ptrace_scope=3

Unlike user_ptrace, this toggle has graduated permission levels, from 0 to 3. A setting of 3 blocks all tracing subsystems, including for root users, and the level cannot be changed again until the server is restarted. Please read the kernel documentation for more information.

These temporary fixes may also limit normal access to setuid programs, including the sudo and su commands.

Fixed kernels

We have released patched kernels on all our hosts. A reboot will be required to use those. VPSs should be restarted from our control panel.

You can verify which kernel your VM is running using the command 'uname -r'. The output will look something like this:

6.18.0-really31-rh-20260515150258.xenU.x86_64

Patched kernels will show a build date of 20260515 or newer. Those digits are the date: 2026 May 15th.
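
The check above can be scripted, together with a readout of the two mitigation settings. This is an added example, not RimuHosting's own tooling; it assumes the build stamp always follows "-rh-" as in the sample string, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a kernel release string by the build date embedded
# in it, using the "-rh-YYYYMMDDHHMMSS" layout of the sample in this notice.
FIXED_DATE=20260515   # first patched build date, as stated in the notice

# Print the 8-digit build date from a release string, or nothing if the
# string does not carry an "-rh-" build stamp (assumed layout).
rh_build_date() {
    printf '%s\n' "$1" | sed -n 's/.*-rh-\([0-9]\{8\}\).*/\1/p'
}

# Print "patched", "unpatched" or "unknown" for a release string.
kernel_verdict() {
    d=$(rh_build_date "$1")
    if [ -z "$d" ]; then
        echo unknown
    elif [ "$d" -ge "$FIXED_DATE" ]; then
        echo patched
    else
        echo unpatched
    fi
}

# Read a sysctl through /proc/sys; print "absent" if this kernel lacks it.
sysctl_value() {
    f=/proc/sys/$(printf '%s' "$1" | tr . /)
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

rel=$(uname -r)
echo "kernel $rel: $(kernel_verdict "$rel")"
# Mitigation values from the notice: user_ptrace=0, yama.ptrace_scope=3.
echo "kernel.user_ptrace=$(sysctl_value kernel.user_ptrace) (mitigated at 0)"
echo "kernel.yama.ptrace_scope=$(sysctl_value kernel.yama.ptrace_scope) (mitigated at 3)"
```

An "unknown" verdict means the release string has no recognisable build stamp, so the build date rule in this notice cannot be applied to that kernel.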

Ongoing work

We are continuing to review this vulnerability, and will be providing updates and further recommendations here. Please subscribe to this notice for updates.