oss-sec mailing list archives

Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege escalation


From: Alexander Bochmann <ab () lists gxis de>
Date: Sat, 2 May 2026 23:03:53 +0200

...on 2026-05-02 20:05:00, Eric Biggers wrote:

What it does break are a small set of userspace programs that made the
shortsighted decision to use AF_ALG, instead of simply following the
standard practice of using a userspace crypto library.

For some added fun - I noticed that Debian 13, for example, 
ships an openssl build with an AF_ALG engine, so uh, yeah, 
depending on how you use your userspace crypto library... 

No idea if that has any actual consumers anywhere out there 
today.

$ openssl version
OpenSSL 3.5.5 27 Jan 2026 (Library: OpenSSL 3.5.5 27 Jan 2026)
$ openssl engine afalg -c
(afalg) AFALG engine support
 [AES-128-CBC, AES-192-CBC, AES-256-CBC]

Alex.
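
The check in the post, as an added inventory script (not part of the original message, and not OpenSSL or Debian code): it parses `openssl engine -c` output for the afalg engine and reads `/proc/modules` for AF_ALG modules. The module name set and the sample module lines are assumptions made for this example; the engine output sample is the one quoted above.

```python
import re
import subprocess

# Assumed set of kernel modules behind the AF_ALG socket family and its algorithm types.
AF_ALG_MODULES = {"af_alg", "algif_skcipher", "algif_hash", "algif_aead", "algif_rng"}

def parse_engine_listing(text):
    """Map engine id -> advertised algorithms from `openssl engine -c` output."""
    engines, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\(([^)]+)\)\s", line)      # "(afalg) AFALG engine support"
        caps = re.match(r"^\s*\[(.*)\]\s*$", line)    # " [AES-128-CBC, ...]"
        if head:
            current = head.group(1)
            engines[current] = []
        elif caps and current:
            engines[current] = [a.strip() for a in caps.group(1).split(",") if a.strip()]
    return engines

def loaded_af_alg_modules(proc_modules_text):
    """Return AF_ALG-related module names found in /proc/modules content.
    Passive on purpose: opening an AF_ALG socket to probe could autoload the modules.
    Support compiled into the kernel (not modular) does not show up here."""
    names = {l.split()[0] for l in proc_modules_text.splitlines() if l.split()}
    return sorted(names & AF_ALG_MODULES)

def audit():
    """Local host check: (afalg cipher list, or None if no engine; loaded modules)."""
    try:
        out = subprocess.run(["openssl", "engine", "afalg", "-c"],
                             capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        out = ""
    try:
        with open("/proc/modules") as fh:
            mods = fh.read()
    except OSError:
        mods = ""
    return parse_engine_listing(out).get("afalg"), loaded_af_alg_modules(mods)

# Sample inputs: engine output as quoted in the post; module lines are constructed.
SAMPLE_ENGINE = "(afalg) AFALG engine support\n [AES-128-CBC, AES-192-CBC, AES-256-CBC]\n"
SAMPLE_MODULES = "algif_skcipher 16384 0 - Live 0x0\naf_alg 32768 1 algif_skcipher, Live 0x0\next4 1 1 - Live 0x0\n"

if __name__ == "__main__":
    print(audit())
```

An engine being listed only shows it is installed; an `algif_*` module being loaded is a hint that something on the host has opened an AF_ALG socket since boot.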

