Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.
that commit is misleading. that’s the commit of the researcher to their own branch. it was only merged to mainline mid april.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.
on suse’s part, there are still no fixes: https://www.suse.com/security/cve/CVE-2026-31431.html