glacier9147 2 days ago
Wouldn't manually loading a module require elevated privileges? Isn't the issue they are trying to solve that completely unprivileged users can exploit the module to elevate their privileges?
antiloper 2 days ago
I just tried it on Ubuntu 24.04. Blacklisting algif_aead does not prevent the module from getting loaded by `nobody` using the unprivileged AF_ALG API. So this project literally does nothing except spew some vibe coded slop across your cluster. Please just upgrade your kernel packages, it's way safer.
ButlerianJihad 2 days ago
Let's consider a sysadmin who says "I blacklisted this module, so we shall never see it on this system." And then, some random service or cronjob goes down a list and "modprobes" things. Such as a vulnerability scanner. So the kernel module got loaded by name, until the next reboot. Yeah, it's another coincidence and another narrowing of the conditions by which this can be exploited. But it's correct to say that blacklisting modules is not the panacea or a 100% airtight solution.
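
An added example, not part of any comment in this thread: a small audit of modprobe.d-style text that tells apart a module that is only `blacklist`ed from one whose load command has been replaced with a no-op. It assumes the modprobe.d(5) semantics (`blacklist` ignores a module's internal aliases only, while `install <module> <command>` runs the command instead of inserting the module); the function names and the sample configuration are constructed for illustration, and the script inspects configuration text only, not the running kernel.

```python
import re

# Commands that make "modprobe <module>" a no-op when used in an install line.
NOOP_COMMANDS = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}

def _norm(name):
    # modprobe treats '-' and '_' in module names as the same character.
    return name.replace("-", "_")

def parse_modprobe_conf(text):
    """Return (blacklisted_modules, install_commands) from modprobe.d-style text."""
    blacklisted, install_cmds = set(), {}
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if fields[0] == "blacklist" and len(fields) >= 2:
            blacklisted.add(_norm(fields[1]))
        elif fields[0] == "install" and len(fields) == 3:
            install_cmds[_norm(fields[1])] = fields[2].strip()
    return blacklisted, install_cmds

def classify(module, text):
    """'blocked'    : load by name is replaced with a no-op command
       'alias-only' : blacklisted, but an explicit load by name still works
       'loadable'   : no restriction found in this configuration"""
    blacklisted, install_cmds = parse_modprobe_conf(text)
    m = _norm(module)
    if install_cmds.get(m) in NOOP_COMMANDS:
        return "blocked"
    if m in blacklisted:
        return "alias-only"
    return "loadable"

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
# hardening snippet under review
blacklist algif_aead
blacklist algif-hash
install algif_hash \\
    /bin/false
"""

if __name__ == "__main__":
    for mod in ("algif_aead", "algif_hash", "algif_skcipher"):
        print(f"{mod}: {classify(mod, SAMPLE)}")
```

A result of `alias-only` corresponds to the situation the comments describe: the module is listed as blacklisted yet can still be loaded by name.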