Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Qualys disclosed a logic bug in the Linux kernel's __ptrace_may_access() function, assigned CVE-2026-46333. The vulnerability allows an unprivileged local attacker to bypass ptrace access checks, potentially enabling unauthorized tracing of arbitrary processes. This could lead to information disclosure or privilege escalation. The flaw affects multiple kernel versions; patches are available from kernel.org. Users are advised to update their kernels promptly. The advisory was published on May 20, 2026, by Qualys.
// why it matters
Unprivileged local users can escalate privileges by bypassing ptrace restrictions.