Comment by nh2

17 hours ago

If you want to use the suggested mitigation (disabling kernel module `algif_aead` with a modprobe config), and you do not want to run that whole obfuscated shell code to get an actual root shell, but only check if the module can be loaded, here is a readable version of its first few lines:

    python3 -c 'import socket; s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind(("aead","authencesn(hmac(sha256),cbc(aes))")); print("algif_aead probably successfully loaded, mitigation not effective; remove again with: rmmod algif_aead")'

Similarly, when the mitigation is in place,

    modprobe algif_aead

should fail with an error.

    modprobe algif_aead
    modprobe: FATAL: Module algif_aead not found in directory /lib/modules/6.14.3-x86_64-linode168

Yet this kernel is vulnerable.

  • That would suggest that CRYPTO_USER_API_AEAD=y in your kernel config. You can disable it in that case by setting that to "n", recompiling your kernel, and putting the new kernel in place.

    • Indeed, no modprobe.d will help when the feature is compiled into the kernel ("=y") instead of compiled into a runtime-loadable module.
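An added example (not part of any comment in this thread): as the reply above shows, a failing `modprobe algif_aead` does not by itself mean the mitigation holds, so this shell check reads the kernel config to tell built-in, module and disabled apart. The function names and the constructed sample config are assumptions for illustration; `CONFIG_CRYPTO_USER_API_AEAD` is the full name of the option mentioned above.

```shell
#!/bin/sh
# Added example: how is the AF_ALG AEAD interface (algif_aead) built into a kernel?

# Reads kernel .config text on stdin; prints builtin | module | disabled | unknown.
classify_aead() {
    # Anchor on "=" or " " so longer option names with the same prefix do not match.
    line=$(grep -E '^(# )?CONFIG_CRYPTO_USER_API_AEAD[= ]' | tail -n 1)
    case $line in
        CONFIG_CRYPTO_USER_API_AEAD=y) echo builtin ;;
        CONFIG_CRYPTO_USER_API_AEAD=m) echo module ;;
        "# CONFIG_CRYPTO_USER_API_AEAD is not set") echo disabled ;;
        *) echo unknown ;;   # option absent or unparsable: do not assume safe
    esac
}

# Maps a state to what the thread says about the modprobe.d mitigation.
mitigation_advice() {
    case $1 in
        builtin)  echo "modprobe.d cannot help; rebuild with the option set to n" ;;
        module)   echo "modprobe.d can block it; confirm 'modprobe algif_aead' fails" ;;
        disabled) echo "interface not built; nothing to load" ;;
        *)        echo "undetermined; inspect the kernel config by hand" ;;
    esac
}

# Constructed sample config (not taken from any real machine): the "=y" case.
sample_builtin_config() {
    printf '%s\n' 'CONFIG_CRYPTO_USER_API=y' 'CONFIG_CRYPTO_USER_API_AEAD=y'
}

# Checks the running kernel, trying the usual config locations in turn.
check_running_kernel() {
    rel=$(uname -r)
    state=unknown
    if [ -r "/boot/config-$rel" ]; then
        state=$(classify_aead < "/boot/config-$rel")
    elif [ -r /proc/config.gz ]; then
        state=$(gzip -dc /proc/config.gz | classify_aead)
    elif grep -q '/algif_aead\.ko' "/lib/modules/$rel/modules.builtin" 2>/dev/null; then
        state=builtin   # modules.builtin lists code compiled into the kernel image
    fi
    echo "kernel $rel: $state: $(mitigation_advice "$state")"
}

check_running_kernel
```
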