Skills
CVE-2026-31431 'Copy Fail': 732-Byte Python Script Gives Root on Every Linux Distro Since 2017 — Container Escape Primitive Compromises Kubernetes Nodes
A 9-year-old logic bug in the Linux kernel's algif_aead module (AEAD socket interface) enables a deterministic 4-byte write into the page cache via a 732-byte Python exploit, achieving local privilege escalation with CVSS 7.8. Because the page cache is shared across container boundaries, this is also a container escape primitive and Kubernetes node compromise vector. Mitigation: disable algif_aead module or block AF_ALG sockets via seccomp; fix merged upstream April 1, distros rolling out patches.
Source
↳ Follow the thread