Comment by TehCorwiz

19 hours ago

It does not behave as described on EndeavorOS (arch-based) running kernel 6.19.14-arch1-1. I receive the error:

Password: su: Authentication token manipulation error

I'm guessing this means it's already patched?

10 comments

TehCorwiz

Reply
john_strinlai  19 hours ago

yes, it was reported on march 23rd, patches on april 1.

you are reading about it now because it has been patched.

  • marshray  18 hours ago

    No it hasn't.

    Ubuntu before 26.04 LTS (released a week ago) are currently listed as vulnerable.

    Debian other than forky and sid are currently listed as vulnerable.

    This is a disgrace.

    • john_strinlai  18 hours ago

      Disclosure timeline

          2026-03-23Reported to Linux kernel security team
    2026-03-24Initial acknowledgment
    2026-03-25Patches proposed and reviewed
    2026-04-01Patch committed to mainline
    2026-04-22CVE-2026-31431 assigned
    2026-04-29Public disclosure (https://copy.fail/)

      kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched.

      6 replies →