https://www.openwall.com/lists/oss-security/2026/05/15/2 - not fixed in current kernels. No CVE so far.
Exploit: https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
Brad Spengler then published a brief analysis
Yeah its pretty brief, a tweet with a link to the patch 
Yeah, it was first fixed without pomp and then someone discovered it (and made public) analyzing commits. That's why no CVE.
Yeah, there's been quite a few recently, ah well, another round of compiles again. Thanks for the heads up. I guess it's a weirdo combo occuring these days, general lack of ethics in authority, Windows being awful so there's more eyes on Linux, AI taking off, I hope these things aren't intentional back doors is all I gotta say about it.