CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
It looks like the fix is just disabling the algif_aead kernel module. That prevented the proof of concept script from working on everything I tested it on. Hopefully they will get some kernel updates out soon.
Tested on Ubuntu 24.04. Security patching from Ubuntu does fix it. Scary vulnerability
It looks like the fix is just disabling the algif_aead kernel module. That prevented the proof of concept script from working on everything I tested it on. Hopefully they will get some kernel updates out soon.
They have shipped out an update mitigation for the issue. http://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
sudo apt update && sudo apt upgradeand after that, also do the steps listed on that page for running
rmmodand grepping for the affected module unloaded