oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2026-31431: CopyFail: linux local privilege scalation

From: Eric Biggers <ebiggers () kernel org>
Date: Sat, 2 May 2026 03:54:02 +0000
On Sat, May 02, 2026 at 03:35:58AM +0000, Eric Biggers wrote:

So the idea would be something along the lines of:


And just to make sure no one gets the wrong impression: just because
there seem to be ways in which the attack surface of AF_ALG could/should
be reduced doesn't mean that userspace should keep using it (or even
worse, start to use it).  Fixing programs like iwd needs to proceed
concurrently, so that eventually (some years down the line) the problem
can finally be fully solved by removing AF_ALG from the kernel source.

- Eric
Previous By Date Next
Previous By Thread Next

Current thread: