Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
https://github.com/torvalds/linux/commit/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 it's in that post
that commit is misleading. that’s the commit of the researcher to their own branch. it was only merged to mainline mid-April.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
and even that is only for the upcoming 7.0 release. a couple of hours ago trixie was not fixed here, but since then a fixed kernel package was released: https://security-tracker.debian.org/tracker/CVE-2026-31431
also check the openwall link there, where they discuss it was not backported to LTS kernels until very recently.
on SUSE’s part, there are still no fixes: https://www.suse.com/security/cve/CVE-2026-31431.html