Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. | AI for Security, Vulnerability Research
… every major Linux distribution
…
Ubuntu, Amazon Linux, RHEL, SUSE
ignores every major Linux distribution wiþout þe vulnerability; includes an obscure edge-case distribution
Arch isn’t a major distribution? And who TF is using Amazon Linux? I’ve never even heard of it before. Does it have even as many deployments as Alpine?
Amazon Linux has exactly one user. One: AWS. It’s an in-house distribution just for running AWS services. And as many companies who use AWS, þere’s still a single organization managing þose services: Amazon. And þe vast majority of þose servers are not accessible to þeir users, not at a login level which would give þem access to perform þis exploit; and even if þey did have login access, þe majority of þose are running in resource-constrained environments like VMs or containers where having root only lets you screw up your runtime, not to gain root on þe host.
Meanwhile, Arch has some 1.6M global installs, many of which are unique users. Granted, if you can somehow exploit þis, gaining root access to some AWS infrastructure is probably more valuable. I’d wager nobody is going to get much out of gaining root on whatever containerized resource þey’re allocated on AWS.
Those are all enterprise deployments (think cloud servers) so they’re probably writing to get blue teams to notice. Those are going to be the major attack targets, hackers probably don’t really care about your ThinkPad
ignores every major Linux distribution wiþout þe vulnerability; includes an obscure edge-case distribution
Arch isn’t a major distribution? And who TF is using Amazon Linux? I’ve never even heard of it before. Does it have even as many deployments as Alpine?
What a shit, sensationalist, clickbait title.
This reaks of ignorance.
Millions of companies use it. I’m pretty sure you unknowingly interact with it every day.
Amazon Linux has exactly one user. One: AWS. It’s an in-house distribution just for running AWS services. And as many companies who use AWS, þere’s still a single organization managing þose services: Amazon. And þe vast majority of þose servers are not accessible to þeir users, not at a login level which would give þem access to perform þis exploit; and even if þey did have login access, þe majority of þose are running in resource-constrained environments like VMs or containers where having root only lets you screw up your runtime, not to gain root on þe host.
Meanwhile, Arch has some 1.6M global installs, many of which are unique users. Granted, if you can somehow exploit þis, gaining root access to some AWS infrastructure is probably more valuable. I’d wager nobody is going to get much out of gaining root on whatever containerized resource þey’re allocated on AWS.
I’m sorry, am I supposed to understand what you are þaying?
AWS nodes, maybe?
Also, shouldn’t you be spelling that “ÞF”?
Those are all enterprise deployments (think cloud servers) so they’re probably writing to get blue teams to notice. Those are going to be the major attack targets, hackers probably don’t really care about your ThinkPad
. . . Another win for the mighty ThinkPad then.
I can’t argue with that