Several vulnerabilities in the Linux kernel, most notably the high-severity CVE-2026-46333 (ptrace exit-race), have been patched in the latest security updates.
The most significant flaw, dubbed ssh-keysign-pwn, involves a logic error in the kernel's ptrace access-check path. This race condition allows a local unprivileged attacker to bypass security boundaries and read root-owned secrets, such as the system shadow file or SSH host private keys, without requiring full root privileges.
In addition to the ptrace flaw, this update addresses vulnerabilities involving Bluetooth deadlocks (CVE-2026-31499), memory leaks in networking (CVE-2026-43088), and buffer overflows in the ksmbd file server (CVE-2026-43490).
Debian has already pushed patched Linux kernel packages (version 6.12.88-1) to the trixie repository. Other distributions are expected to release corresponding updates shortly.
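To confirm that hosts are actually running the fixed kernel, and not just carrying the updated package while an old kernel stays booted, the following added example (not from the Debian advisory) classifies collected `uname -v` banners against the 6.12.88-1 threshold using dpkg's version-ordering rules. It assumes Debian-built kernels, whose banner contains `Debian <package version>`, and that the threshold is applied only to trixie hosts; the hostnames and sample banners are constructed.

```python
import re
FIXED = "6.12.88-1"  # fixed trixie kernel package version named in the article

def _order(c):
    # dpkg ordering in non-digit runs: '~' < end of string < letters < other
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream-version or revision string the way dpkg does."""
    while a or b:
        # Non-digit prefixes are compared character by character.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ca = a[0] if a and not a[0].isdigit() else ""
            cb = b[0] if b and not b[0].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            a, b = a[len(ca):], b[len(cb):]
        # Digit runs are compared as integers; a missing run counts as 0.
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(x, y):
    """Return -1, 0 or 1: version x is older than, equal to, newer than y."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def running_status(uname_v, fixed=FIXED):
    """Classify one host's `uname -v` output against the fixed version."""
    m = re.search(r"Debian (\S+)", uname_v)
    if not m:
        return "unknown"  # not a Debian-built kernel banner
    return "patched" if deb_cmp(m.group(1), fixed) >= 0 else "vulnerable"

# Constructed inventory: hostnames, dates and non-FIXED versions are made up.
SAMPLES = {
    "web1": "#1 SMP PREEMPT_DYNAMIC Debian 6.12.9-1 (2026-01-01)",
    "web2": "#1 SMP PREEMPT_DYNAMIC Debian 6.12.88-1 (2026-01-01)",
    "db1": "#1 SMP PREEMPT_DYNAMIC 6.12.0-custom",
}
REPORT = {host: running_status(banner) for host, banner in SAMPLES.items()}
```

The `web1` sample shows why a plain string comparison is unsafe here: as text, "6.12.9-1" sorts after "6.12.88-1", so a naive check would report that host as patched.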
Sources: Debian Mailing List: https://lists.debian.org/debian-security-announce/2026/msg00214.html