Schedule a Demo

Table of contents

CVE-2026-31431 (Copy Fail): Linux Kernel LPE

Dor Hayun April 30, 2026 2 min read
Malicious Packages
CVE-2026-31431 (Copy Fail): Linux Kernel LPE - Blog Cover Linux Kernel LPE

Table of contents

A new Linux kernel LPE disclosed by Theori/Xint lets any unprivileged local user become root with a 732-byte Python script. Works first try, no race, no per-kernel offsets. CVSS 7.8 (High), effectively critical for shared-kernel and multi-tenant environments.

The bug

A logic flaw in the kernel’s algif_aead (introduced in 4.14, July 2017), reached via AF_ALG and splice(), gives a deterministic 4-byte write into the page cache of any readable file, including setuid binaries.

  • No race, no per-kernel offsets, works first try.
  • On-disk file is unchanged, so file-integrity tools won’t catch it.
  • Page cache is shared across the host, making this a container escape primitive on Kubernetes nodes from any pod that can create AF_ALG sockets.

Who’s affected

Every kernel from 4.14 until the fix. Theori verified root on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. The same exploit works unmodified on Debian, Fedora, Rocky, Alma, Oracle, Arch. Fixed in 6.18.22, 6.19.12, and 7.0.

What to do

Most distros had not shipped patched kernels at disclosure. Mitigate first, patch when available.

  1. Disable algif_aead on every host:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true

Safe to apply: does not affect dm-crypt, kTLS, IPsec, OpenSSL, SSH, or kernel keyring crypto. Only impacts apps explicitly using the OpenSSL afalg engine.

  1. Block AF_ALG via seccomp for untrusted workloads, such as K8s pods, CI runners, and agent sandboxes.
  2. Patch the kernel as soon as your distro ships the fix, then reboot.
  3. Prioritize: multi-tenant K8s nodes, then CI runners, then production servers, then workstations.

For cloud-native teams

Kernel CVEs don’t appear in image SBOMs, so detection belongs at the node layer. Workloads running under hardware virtualization (Firecracker for Lambda, Fargate) or kernel reimplementations (gVisor, V8 isolates) are not exposed to the host kernel’s AF_ALG path.

References

Manage open source risk

Read the report

About the author

CVE-2026-31431 (Copy Fail): Linux Kernel LPE - ?s=96&d=mm&r=g
Dor Hayun

A software developer in Mend.io’s Cloud Native Security Squad, Hayun began his career as a security analyst focusing on Linux vulnerabilities. He is dedicated to securing the cloud-native world and enjoys exploring cybersecurity changes in the AI era.

Recent resources

CVE-2026-31431 (Copy Fail): Linux Kernel LPE - Mini Shai Hulud

Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework

Tom Abai Apr 29, 2026
Malicious Packages

SAP CAP packages compromised via Claude Code in AI-assisted worm attack.

Read more
CVE-2026-31431 (Copy Fail): Linux Kernel LPE - The Butlerian Jihad

The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets

Tom Abai Apr 23, 2026
Malicious Packages

Mend.io tracks TeamPCP's latest supply chain attack.

Read more
CVE-2026-31431 (Copy Fail): Linux Kernel LPE - Blog cover Team PCP part 4 1

A Poisoned Xinference Package Targets AI Inference Servers

Tom Abai Apr 22, 2026
Malicious Packages

Three poisoned xinference releases on PyPI target AI infrastructure credentials.

Read more

© 2026 Mend.io (White Source Ltd.) All rights reserved.

AI Security & Compliance Assessment

Map your maturity against the global standards. Receive a personalized readiness report in under 5 minutes.

Get your report