PatchSiren

CVE-2026-46333 Git CVE debrief

CVE-2026-46333 is a Linux kernel access-control issue in ptrace-related dumpability checks. The fix changes how the kernel decides access for tasks that no longer have an mm, so the ptrace path behaves more consistently for threads without a memory image, including kernel threads.

Vendor: Git
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-16
Advisory published: 2026-05-15
Advisory updated: 2026-05-16

Who should care

Linux kernel maintainers, distro security teams, and operators of multi-user systems or environments that rely on ptrace restrictions should review this advisory. Systems that permit local users, debug tooling, or kernel-thread introspection deserve the most attention.

Technical summary

The reported problem is that "dumpability" is fundamentally tied to a task's memory image, but ptrace_may_access() also used it for checks unrelated to an mm pointer. That created an odd special case for threads without an mm, including kernel threads. The resolved logic uses a cached "last dumpability" value when a task no longer has an mm but previously had one, and requires CAP_SYS_PTRACE to override. The description also notes that uid/gid matching still applies, so this is an access-check refinement rather than a change to the basic identity check.

Defensive priority

High on systems that expose local users, debugging workflows, or sensitive multi-threaded services; otherwise medium. Because this affects kernel access control and ptrace behavior, patching should be prioritized in general-purpose Linux deployments.

Recommended defensive actions

  • Apply the vendor or distribution kernel update that includes the ptrace get_dumpable() fix.
  • Review any tooling, monitoring, or hardening controls that depend on ptrace access behavior for tasks without an mm.
  • Verify whether local users or service accounts can reach debugging or inspection paths that depend on ptrace permissions.
  • Track downstream distribution advisories and stable-kernel backports referenced by the NVD record.
  • Treat CAP_SYS_PTRACE as the explicit override path and confirm least-privilege policies are still appropriate after patching.
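
For the CAP_SYS_PTRACE review in the last item above, the following shell script (an added example, not part of the advisory or of the kernel fix) lists processes whose real UID is not root but whose effective capability set includes CAP_SYS_PTRACE. It reads the standard CapEff, Uid and Name fields of /proc/<pid>/status; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the advisory): list non-root processes that hold
# CAP_SYS_PTRACE in their effective capability set.
CAP_SYS_PTRACE_BIT=19   # capability number from linux/capability.h

# has_cap_sys_ptrace MASK: succeed if the hex mask (a CapEff: value) has bit 19 set.
has_cap_sys_ptrace() {
    [ $(( (0x$1 >> $CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# status_field FILE KEY: print the first value on the "KEY:" line of a status file.
# A process may exit mid-scan, so a missing file yields empty output, not an error.
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1" 2>/dev/null || true
}

# audit_ptrace_caps [PROC_ROOT]: print "pid uid name" for each match.
# PROC_ROOT defaults to /proc; pass a directory to audit a saved copy instead.
audit_ptrace_caps() {
    root=${1:-/proc}
    for status in "$root"/[0-9]*/status; do
        capeff=$(status_field "$status" CapEff)
        [ -n "$capeff" ] || continue
        has_cap_sys_ptrace "$capeff" || continue
        uid=$(status_field "$status" Uid)   # first Uid value is the real UID
        [ "$uid" != 0 ] || continue         # root normally holds the capability anyway
        pid=${status%/status}
        pid=${pid##*/}
        echo "$pid $uid $(status_field "$status" Name)"
    done
    return 0
}

audit_ptrace_caps "${1:-/proc}"
```

Each line of output is a process whose capability grant should be justified against the least-privilege policy.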

Evidence notes

The CVE was published in the supplied source data on 2026-05-15T14:16:35.793Z and modified on 2026-05-16T13:16:16.810Z. The description states the issue is resolved by adjusting ptrace get_dumpable() logic for tasks without an mm and by requiring CAP_SYS_PTRACE to override. The NVD metadata also references multiple kernel.org stable commits and advisory posts, but no CVSS score or weakness IDs were provided in the supplied corpus.

Official resources

Publicly disclosed in the supplied record on 2026-05-15T14:16:35.793Z and updated on 2026-05-16T13:16:16.810Z. No CISA KEV entry is listed in the supplied enrichment data.