Comment by john_strinlai

19 hours ago

yes, it was reported on march 23rd, patches on april 1.

you are reading about it now because it has been patched.

8 comments

john_strinlai

Reply
marshray  18 hours ago

No it hasn't.

Ubuntu before 26.04 LTS (released a week ago) are currently listed as vulnerable.

Debian other than forky and sid are currently listed as vulnerable.

This is a disgrace.

  • john_strinlai  18 hours ago

    Disclosure timeline

        2026-03-23Reported to Linux kernel security team
    2026-03-24Initial acknowledgment
    2026-03-25Patches proposed and reviewed
    2026-04-01Patch committed to mainline
    2026-04-22CVE-2026-31431 assigned
    2026-04-29Public disclosure (https://copy.fail/)

    kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched.

    • marshray  17 hours ago

      The lesson here being... compile your own kernel from git sources every few days?

      Give up entirely on non-virtualized container security?

      This is not sarcasm. I'd finally given in and started learning about docker/podman-style OCI containerization last week.

      5 replies →