module
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
| Disclosed | Created |
|---|---|
| May 14, 2026 | Jun 16, 2026 |
Disclosed
May 14, 2026
Created
Jun 16, 2026
Description
This module exploits a race condition in the Linux kernel
do_exit() teardown path affecting __ptrace_may_access().
During process termination, privileged file descriptors may
remain accessible through pidfd_getfd() after task->mm becomes
NULL, allowing sensitive file disclosure from privileged SUID
binaries such as chage.
This module targets chage to disclose /etc/shadow.
This module performs information disclosure only and does not
create a new session.
do_exit() teardown path affecting __ptrace_may_access().
During process termination, privileged file descriptors may
remain accessible through pidfd_getfd() after task->mm becomes
NULL, allowing sensitive file disclosure from privileged SUID
binaries such as chage.
This module targets chage to disclose /etc/shadow.
This module performs information disclosure only and does not
create a new session.
Authors
0xdeadbeefnetwork
bhaskarbhar
bhaskarbhar
Platform
Linux
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.