{"uuid": "52cf7eea-2c40-450a-9250-a0ffc84abcb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/linux/gather/cve_2026_46333_chage.rb", "content": "{\"actions\": [], \"aliases\": [], \"arch\": \"\", \"author\": [\"0xdeadbeefnetwork\", \"bhaskarbhar\"], \"autofilter_ports\": null, \"autofilter_services\": null, \"check\": true, \"default_credential\": false, \"description\": \"This module exploits a race condition in the Linux kernel\\n          do_exit() teardown path affecting __ptrace_may_access().\\n\\n          During process termination, privileged file descriptors may\\n          remain accessible through pidfd_getfd() after task->mm becomes\\n          NULL, allowing sensitive file disclosure from privileged SUID\\n          binaries such as chage.\\n\\n          This module targets chage to disclose /etc/shadow.\\n\\n          This module performs information disclosure only and does not\\n          create a new session.\", \"disclosure_date\": \"2026-05-14\", \"fullname\": \"post/linux/gather/cve_2026_46333_chage\", \"is_install_path\": true, \"mod_time\": \"2026-06-04 11:38:35 +0000\", \"name\": \"Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure\", \"needs_cleanup\": true, \"notes\": {\"AKA\": [\"ssh-keysign-pwn\"], \"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"artifacts-on-disk\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/post/linux/gather/cve_2026_46333_chage.rb\", \"platform\": \"Linux\", \"post_auth\": false, \"rank\": 300, \"ref_name\": \"linux/gather/cve_2026_46333_chage\", \"references\": [\"CVE-2026-46333\", \"URL-https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn\"], \"rport\": null, \"session_types\": [\"shell\", \"meterpreter\"], \"targets\": null, \"type\": \"post\"}", "creation_timestamp": "2026-06-15T19:08:59.000000Z"}