The Point: Critical Linux kernel vulnerability (CVE-2026-31431) enables local privilege escalation to root. Kernel update is required; as a temporary solution, a workaround exists for disabling the affected module on Ubuntu and Debian-based systems.
A critical security flaw in the Linux kernel (CVE-2026-31431) allows local users to gain root privileges and take complete control of the system. Nearly all common Linux distributions running kernels from 2017 through the patch release date are affected. A module deactivation mechanism now exists as a workaround for vulnerable systems.
The vulnerability is based on a logic error in the Linux kernel that allows users to deliberately write to protected memory regions and manipulate internal system structures. The exploitation process works reliably without typical obstacles such as race conditions or specific system dependencies. With a CVSS Base Score of 7.8, the vulnerability is classified as critical.
The vulnerability has already been verified on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. To minimize risk, experts strongly recommend updating to a patched kernel version as soon as possible (patch included in commit a664bf3d603d).
A workaround for Debian-based systems such as Ubuntu is now available: creating the file disable-algif-aead.conf in the /etc/modprobe.d directory with the content "install algif_aead /bin/false" prevents the vulnerable kernel module from being loaded. Before applying it, verify whether the affected module is needed for your use cases, as disabling it may cause unintended side effects or impair the system.
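As an added example (not part of the CERT.at advisory), a POSIX shell script that stages the modprobe rule described above, checks whether the module is currently loaded and in use, and verifies the written file. It assumes a Debian/Ubuntu layout where modprobe reads /etc/modprobe.d; the MODPROBE_DIR variable is an assumed override for a dry run in a scratch directory.

```shell
#!/bin/sh
# Added example, not part of the CERT.at advisory: stages the modprobe
# workaround for algif_aead and checks it. Assumes a Debian/Ubuntu layout
# (modprobe reads /etc/modprobe.d); MODPROBE_DIR overrides that for dry runs.
set -eu
MODULE="algif_aead"
# Directive from the advisory: "install" tells modprobe to run /bin/false
# instead of inserting the module, so every load attempt fails.
DIRECTIVE="install $MODULE /bin/false"

conf_path() {
    printf '%s/disable-algif-aead.conf\n' "${MODPROBE_DIR:-/etc/modprobe.d}"
}

# 0 if the module is resident now. The rule only blocks future loads; a
# loaded module must still be removed (modprobe -r) or the host rebooted.
module_loaded() {
    grep -qs "^$MODULE " /proc/modules
}

# Reference count from /proc/modules; non-zero means something is using the
# AF_ALG AEAD interface right now and would break if the module went away.
module_refcount() {
    awk -v m="$MODULE" '$1 == m { print $3; exit }' /proc/modules
}

write_disable_conf() {
    f="$(conf_path)"
    printf '%s\n' "$DIRECTIVE" > "$f"
    chmod 0644 "$f"
}

# 0 only when the file holds exactly the expected directive (grep -x), so a
# typo or stray punctuation in the line is reported rather than trusted.
conf_is_effective() {
    f="$(conf_path)"
    [ -f "$f" ] && grep -qx "$DIRECTIVE" "$f"
}

# "sh disable-algif-aead.sh apply" (as root) writes and verifies the rule;
# with no argument it only reports the current state.
if [ "${1:-}" = "apply" ]; then
    write_disable_conf
    conf_is_effective && echo "rule written to $(conf_path)"
    module_loaded && echo "warning: $MODULE still loaded (refcount $(module_refcount)); run: modprobe -r $MODULE"
elif conf_is_effective; then
    echo "workaround present"
else
    echo "workaround absent"
fi
```

Run it without arguments first to see whether the module is loaded and how many users it has; only then decide whether applying the rule is safe for that host.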
CERT.at emphasizes the fundamental importance of keeping all software up to date and preferring automatic updates. Regular system restarts ensure that security updates are activated promptly.
Source: www.cert.at