A serious Linux kernel vulnerability has been publicly disclosed:

http://www.openwall.com/lists/oss-security/2026/05/15/9

This issue has been allocated CVE-2026-46333. It targets kernel setuid binaries via kernel ptrace system calls. It affects all servers running recent Linux kernels.

In practical terms, if an actor can run code inside a vulnerable VPS, for example through a compromised website, shell account, or application, this bug may allow them to have read access to files owned by the root user.

Mitigations

Where a server is using a modular kernel, you should also check with the distributor as soon as possible for updates and additional mitigation steps.

On RimuHosting VPSs, it is possible to substantially mitigate this attack by preventing user accounts from accessing ptrace functonality. Running the following command will block those until the next reboot.

sysctl -w kernel.user_ptrace=0

This temporary fix may affect anything that depend on setuid binaries, uncluding sudo and su commands.

Another mitigation may be to remove the setuid bit from those affected binaries. This would also result in loss of the specific functionaility that provides and should be carefully tracked.

Fixed kernels

We have released patched kernels on all our hosts. A reboot will be required to use those. VPSs should be restarted from our control panel.

• Control panel restart: https://rimuhosting.com/cp/vps/restart.jsp
• Kernel selection page: https://rimuhosting.com/cp/vps/kernel.jsp

You can verify which kernel your VM is running using the command 'uname -r', it will look something like this...:

6.18.0-really31-rh-20260515150258.xenU.x86_64

Patched kernels will show a build date of 20260515 or newer. Those digits are the date: 2026 May 15th.

Ongoing work

We are continuing to review this vulnerability, and will be providing updates and further recomendations here. Please subscribe to this notice for updates.