Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.
Windows has an overwhelming market share in PCs. Exploitable vulnerabilities that let hackers own it are going to be huge news for as long as that remains the case, because it directly impacts the lives and personal data of more people.
That said, I’m seeing lots of people talk about this particular Linux vulnerability, so I’m not even sure what your gripe is.
patched month ago
where exactly? at least a couple hours ago there were no patches yet for any of debian, redhat, suse
https://github.com/torvalds/linux/commit/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 its in that post
that commit is misleading. that’s the commit of the researcher to their own branch. it was only merged to mainline mid april.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.
on suse’s part, there are still no fixes: https://www.suse.com/security/cve/CVE-2026-31431.html
No patch on 6.12 LTS and by extension Debian.
Still, my point remains valid.
Windows has an overwhelming market share in PCs. Exploitable vulnerabilities that let hackers own it are going to be huge news for as long as that remains the case, because it directly impacts the lives and personal data of more people.
That said, I’m seeing lots of people talk about this particular Linux vulnerability, so I’m not even sure what your gripe is.