Anything being done about NVD - CVE-2026-31431 ?

hello, I tried the temporary fix on Rocky 9 but I have this error # rmmod algif_aead rmmod: ERROR: Module algif_aead is builtin. the same fix on an Ubuntu 22.04LTS works Any advice ? Roberto

I’ll answer myself: Mitigation doesn't work on RHEL 9.4 opened 02:57AM - 30 Apr 26 UTC (UTC) [image] FrancisTurner Using either rmmod or modprobe resu…

So this is not Zero Day vulnerability ? Its imporant

It is a zero day vulnerability, but the bad guy has to have access to your machine (either local or remote) before he can use it. It’s not a vulnerability that allows any random schmoe to log into your computer unless he already has a way to do it. It just allows him to jack up his access level if…

I added the following line to /etc/default/grub: GRUB_CMDLINE_LINUX=“initcall_blacklist=algif_aead_init” then did a sudo grub2-mkconfig -o /boot/grub2/grub.cfg upon reboot the exploit no longer works. The failure message is: AttributeError: module ‘os’ has no attribute ‘splice’. You would probabl…

[image] fauxgotten: upon reboot the exploit no longer works. The failure message is: AttributeError: module ‘os’ has no attribute ‘splice’. You would probably want to revert this change once a patched kernel is released. If on Rocky 9, that is because of python version is less than 3.10. The…

Hello, Update copy_fail_exp.py (#66) main ← danielino:main opened 12:02PM - 30 Apr 26 UTC (UTC) [image] danielino …

Sad to report that using 3.12, it is still exploit is still there when tested with 3.12 rather than the default :cry:. Wonder if the security researcher that said this was a fix also had the same issue?

Hello, The example is in python, but you can write the same thing in whatever language .. maybe in Ruby or other. The python script just permit to “easily” show the exploit.

For the time being we just have to wait until the appropriate packages are updated with fixes, eg: new kernel. As already said by @FrankCox the impact probably isn’t that bad considering it requires someone to actually have access to your server with an existing account.

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

Rocky Linux Help & Support

iwalker April 30, 2026, 5:53pm 9

If on Rocky 9, that is because of python version is less than 3.10. The python test exploit needs at least python 3.10 for it to work and report it. So that error doesn’t verify that you are safe.

Topic		Replies	Views
Rocky 8.10 - CVE-2025-38352 Rocky Linux Help & Support rocky-linux-8	24	1692	November 21, 2025
The Further Experiments of a Vacuous Experimenter Rocky Linux Help & Support	9	691	August 25, 2023
Trouble in River City -- Rocky Linux 8.5 Rollover Blew Up Rocky Linux Help & Support	17	2133	August 25, 2023
Some errata missing in comparison with RHEL and AlmaLinux Rocky Linux Help & Support	16	4352	August 25, 2023
Compiling Openssl 3.0.8 on Rocky Linux 9 Rocky Linux Help & Support	19	10305	August 25, 2023

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

Related topics