oss-sec mailing list archives

Re: CVE-2026-31431: CopyFail: linux local privilege scalation

From: Demi Marie Obenour <demiobenour () gmail com>
Date: Sat, 2 May 2026 02:39:12 -0400

On 5/1/26 23:54, Eric Biggers wrote:

On Sat, May 02, 2026 at 03:35:58AM +0000, Eric Biggers wrote:

So the idea would be something along the lines of:


And just to make sure no one gets the wrong impression: just because
there seem to be ways in which the attack surface of AF_ALG could/should
be reduced doesn't mean that userspace should keep using it (or even
worse, start to use it).  Fixing programs like iwd needs to proceed
concurrently, so that eventually (some years down the line) the problem
can finally be fully solved by removing AF_ALG from the kernel source.

- Eric


Can AF_ALG be emulated using LD_PRELOAD?  That would allow it to be
eliminated from the kernel much more quickly, as one would not need
to get rid of all of its existing users.  It would even work for those
who need AF_ALG because of closed source binaries, who otherwise will
have no alternative other than running an old kernel in a VM.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Current thread:

Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation, (continued)
- - - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Simon McVittie (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)

(Thread continues...)