
Comment by marshray

18 hours ago

No it hasn't.

Ubuntu releases before 26.04 LTS (released a week ago) are currently listed as vulnerable.

Debian other than forky and sid are currently listed as vulnerable.

This is a disgrace.

Disclosure timeline

    2026-03-23  Reported to Linux kernel security team
    2026-03-24  Initial acknowledgment
    2026-03-25  Patches proposed and reviewed
    2026-04-01  Patch committed to mainline
    2026-04-22  CVE-2026-31431 assigned
    2026-04-29  Public disclosure (https://copy.fail/)

kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched.

  • The lesson here being... compile your own kernel from git sources every few days?

    Give up entirely on non-virtualized container security?

    This is not sarcasm. I'd finally given in and started learning about docker/podman-style OCI containerization last week.

    • in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet:

      For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module:

          echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
          rmmod algif_aead 2>/dev/null


    • are you sure containerization would be more secure? this is also a rootless podman escape. the lesson here is to not give random people shell access to your systems.