Recently, a local privilege escalation vulnerability (CVE-2026-31431) has been disclosed, caused by a logical flaw in the authencesn module of the Linux kernel's encryption subsystem. A local attacker can write arbitrary content to the page cache by chaining the use of AF_ALG sockets and the splice() system call. Eventually, they can achieve local privilege escalation to root. The details and PoC have been disclosed and the risk is high.

Linux kernel is the core component of Linux operating systems. Check your system and implement timely security hardening.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2026-31431

https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T/

important

(Severity: low, medium, important, and critical)

72548b093ee3 <= commit < a664bf3d603d

Amazon Linux 2023

Oracle Linux server 7 & 8 & 9 & 10

RedHat Enterprise Linux 8 & 9 & 10

SUSE 16

Ubuntu 26.04 LTS

Linux Kernel 6.18 >= 6.18.22 (commit fafe0fa2995a)

Linux Kernel 6.19 >= 6.19.12 (commit ce42ee423e58)

Linux Kernel 7.0 >= 7.0 (commit a664bf3d603d)

This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to a latest secure version.

https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237

https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

For details about the fixed versions of Linux vendors, see the security notices of Amazon Linux, Oracle Linux, Red Hat, SUSE and Ubuntu.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.

Get more professional support at any time

Contact Us