oss-sec mailing list archives

Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation


From: "Shrader, David Lee" <dshrader () lanl gov>
Date: Fri, 1 May 2026 16:25:05 +0000

In our environment we found that user action could initiate the loading of the algif_aead kernel module. It appears to 
be loadable on-demand.

Thanks,
David

________________________________________
From: Reid Sutherland <reid () thirddimension net>
Sent: Friday, May 1, 2026 9:08 AM
To: oss-security () lists openwall com <oss-security () lists openwall com>
Subject: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
 
On Thu, 2026-04-30 at 10:25 -0700, Alan Coopersmith wrote:

> On 4/30/2026 12:17 AM, cyber security wrote:
>
> > That is very terrifying, is it a 10.0 score?
>
> A 10.0 score would require that a vulnerability be exploitable over
> the network, without having to login to a local account on the system
> first to run the exploit script.


Sorry but I'm having a hard time understanding the actual threat level
of this vulnerability.

# lsmod |grep aead 
#

Does anything load the vulnerable module by default or not?  If not,
this should be low-rated IMO.

Is this a big test to highlight all the people that have no idea what
they're doing (about to find out if that's me)?  Right now I'm seeing
people blindly copy/paste an advisory with "RHEL 14.3" in it.
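
The point raised in the reply at the top of this message, that an empty `lsmod` does not show whether algif_aead can still be loaded on demand, can be checked with a small script. This is an added example, not code from the thread or from any advisory; the function name `classify_module`, its file arguments, and the three result strings are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example. classify_module NAME PROC_MODULES_FILE MODPROBE_CONFIG_FILE
# Prints one of: loaded | blocked | not-blocked
classify_module() {
    name=$(printf '%s' "$1" | tr '-' '_')   # modprobe treats '-' and '_' alike
    # 1. Already resident? The first field of /proc/modules is the module name.
    if awk -v m="$name" '$1 == m { f = 1 } END { exit !f }' "$2"; then
        echo loaded; return 0
    fi
    # 2. An "install NAME /bin/false" (or /bin/true) rule makes modprobe run
    #    that command instead of inserting the module, so on-demand requests
    #    fail. A plain "blacklist" line is not counted: per modprobe.d(5) it
    #    only ignores the module's internal aliases.
    if awk -v m="$name" '
        $1 == "install" { n = $2; gsub(/-/, "_", n)
            if (n == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/) f = 1 }
        END { exit !f }' "$3"; then
        echo blocked; return 0
    fi
    # 3. Not resident and not blocked: an empty lsmod proves nothing here.
    echo not-blocked
}

if [ "${1:-}" = "--live" ]; then
    # Live check against this host (needs kmod's modprobe).
    cfg=$(mktemp)
    modprobe --showconfig > "$cfg" 2>/dev/null
    classify_module algif_aead /proc/modules "$cfg"
    rm -f "$cfg"
else
    # Constructed sample: module absent from lsmod, only a blacklist line set.
    d=$(mktemp -d)
    printf 'af_alg 32768 0 - Live 0x0\n' > "$d/modules"
    printf 'blacklist algif_aead\n' > "$d/conf"
    classify_module algif_aead "$d/modules" "$d/conf"
    rm -rf "$d"
fi
```

A `not-blocked` result only says the modprobe configuration would not stop a load request; whether the module is present on disk or built into the kernel is a separate check.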

