Re: CVE-2026-31431: CopyFail: linux local privilege scalation

[Reid Sutherland <reid () thirddimension net>]

On Sat, 2026-05-02 at 20:56 +0200, Justin Swartz wrote:
> On Fri, May 1, 2026 at 20:25:17 -0400, Reid Sutherland wrote:
> > Why is userspace allowed to load modules in any capacity?
>
> It's potentially useful for autoloading driver modules when PnP
> devices are connected, which could be considered deadweight if
> they were loaded, or baked into the kernel itself, when the
> respective devices aren't present.

This is userspace software loading an administrative driver.  Not even
close to the same as physically connecting a device.



> > Why do we need kernel modules for math?
>
> To interact with cryptographic acceleration hardware, if present or
> desired, and to provide support for kernel subsystems that rely on
> encryption, like IPSec or WireGuard.

Then why is it exposed to userland?  Attack surface continues to
expand.


> > I'm assuming any thoroughly qualified platform engineer compiles
> > the host kernel without module support.  At least, that needs to
> > make a comeback, bring back applying grsec patches and make
> > menuconfig..
>
> I'm thoroughly unqualified, so take my opinion with a bag of salt:
>
> If you have a use case that allows you to avoid loadable kernel
> modules indefinitely in a completely monolithic kernel then, by
> all means, roll your kernel as such and you'll be slightly safer
> than those who don't.

Slightly is the wrong word to use in this recent case.  It is likely
what separated the secure from vulnerable in major cloud environments.


> Kernel configuration minification doesn't seem to be spoken of
> much anymore except by those who have fairly resource constrained
> embedded systems that run Linux on some application processor.
>
> If you're prepared to go that far, why not roll your own distro?

Because I'm not invested.  Clearly billions are poured into this
environment and it's all hinged on an insecure chain (using math in
kernel space and loading modules from userspace).

This whole using math in the kernel and exposing it, the complexity of
code written for algorithms is often very high, this is a breeding
ground for "oops I messed up" root vulnerabilities (hindsight 20/20).


> LFS is a potentially good starting point, but you can get by with
> even less. For example: Linux, musl, busybox, just the applications
> (and mandatory dependencies) you need, and some init scripts to tie
> it all together.


I agree it's easy in theory, but unless the people are paid and
passionate, it's not going to last.  We need a serious push for a
hardened platform kernel after this.