Comment by john_strinlai

19 hours ago

Disclosure timeline

    2026-03-23Reported to Linux kernel security team
    2026-03-24Initial acknowledgment
    2026-03-25Patches proposed and reviewed
    2026-04-01Patch committed to mainline
    2026-04-22CVE-2026-31431 assigned
    2026-04-29Public disclosure (https://copy.fail/)

kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched.

7 comments

john_strinlai

marshray 18 hours ago

The lesson here being... compile your own kernel from git sources every few days?

Give up entirely on non-virtualized container security?

This is not sarcasm. I'd finally given in and started learning about docker/podman-style OCI containerization last week.

john_strinlai 18 hours ago
in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet:
For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf rmmod algif_aead 2>/dev/null
- marshray 18 hours ago
  
  Thanks!
  I'd do 'umask 133' in front of the echo out of paranoia.
  Out of curiosity, was the asterisk after '2>/dev/null' intentional? I had not seen that idiom before.
  
  2 replies →
DooMMasteR 1 hour ago

I mean, most Kernel version literally got the patch 2026.04.30, so just today.
x4132 14 hours ago

are you sure containerization would be more secure? this is also a rootless podman escape. the lesson here is to not give random people shell access to your systems.