| ▲ | john_strinlai 3 hours ago |
| Disclosure timeline 2026-03-23Reported to Linux kernel security team
2026-03-24Initial acknowledgment
2026-03-25Patches proposed and reviewed
2026-04-01Patch committed to mainline
2026-04-22CVE-2026-31431 assigned
2026-04-29Public disclosure (https://copy.fail/)
kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched. |
|
| ▲ | marshray an hour ago | parent [-] |
| The lesson here being... compile your own kernel from git sources every few days? Give up entirely on non-virtualized container security? This is not sarcasm. I'd finally given in and started learning about docker/podman-style OCI containerization last week. |
| |
| ▲ | john_strinlai an hour ago | parent [-] | | in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet: For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null
| | |
| ▲ | marshray an hour ago | parent [-] | | Thanks! I'd do 'umask 133' in front of the echo out of paranoia. Out of curiosity, was the asterisk after '2>/dev/null' intentional? I had not seen that idiom before. | | |
| ▲ | john_strinlai an hour ago | parent | next [-] | | the asterisk is my oops, trying to format the comment in italics to differentiate my comment from the text provided by the author. sorry for the confusion | |
| ▲ | ranger_danger 34 minutes ago | parent | prev [-] | | And I would do chattr +i disable-algif.conf |
|
|
|
