A logic flaw in the Linux kernel allows unprivileged local users to read root-only files and execute arbitrary commands as root [1, 2, 3].
The vulnerability is serious because it affects default installations of major Linux distributions, including Ubuntu, Debian, and Fedora [1, 4]. By exploiting the flaw, a user with limited permissions can bypass security restrictions and seize full control of the system.
The vulnerability was discovered by the Qualys Threat Research Unit and researchers at Xint.io and Theori [1, 2]. The Qualys Threat Research Unit said the bug has resided in mainline Linux since November 2016 (v4.10-rc1) [1, 6].
The flaw stems from improper privilege-management logic [2, 5]. The error allows a four-byte write to an incorrect location, and it is this out-of-place write that an unprivileged local user can turn into privilege escalation [2, 5].
Reports differ on the flaw's identifier. The Hacker News identified it as CVE-2026-46333 [5], while FreePressJournal cited it as CVE-2026-31431 [2]. MSN referred to a flaw called "Fragnesia" as CVE-2026-46300 [3].
Severity scores also differ across reports. The Hacker News reported a CVSS score of 5.5 [5], whereas FreePressJournal listed the score as 7.8 [2].
"CVE-2026-46333 is a nine-year-old Linux kernel improper privilege-management flaw introduced in November 2016 with a CVSS score of 5.5," The Hacker News editorial team said [5].
"The bug has resided in mainline Linux since November 2016 (v4.10-rc1)."
The discovery of a nearly decade-old vulnerability in the Linux kernel highlights the persistent risk of dormant bugs in foundational open-source code. Because the flaw affects default installations of the most widely used distributions, the potential attack surface is vast, though exploitation requires the attacker to already have local access to the machine. The discrepancy in CVSS scores and CVE identifiers suggests an ongoing process of triage and classification among security researchers and distributors. For administrators, the practical consequence is that the kernel version string alone does not show whether a host is patched, since distributions commonly backport fixes into older kernel series; the authoritative check is each distribution's advisory for the identifiers above.