CVE-2026-31431 has been made public. This affects majority of Linux Operating Systems. Nectar images that are affected includes (but are not limited to):
Image UUID
Image Name
3f99b47f-ea38-4eb9-a751-8583390159b5
NeCTAR Ubuntu 24.04 LTS (Noble) amd64
c0250c96-98a4-4bfa-b67c-51874808337f
NeCTAR Ubuntu 22.04 LTS (Jammy) amd64
9e1a422e-8ead-4c94-a0af-50fdda972a3d
NeCTAR Rocky Linux 10 x86_64
6287efc7-1a13-444c-9bad-11d3b1d73f1e
NeCTAR Fedora 42 x86_64
21650962-3f34-4a2b-bee5-dd7e60bcd9b1
NeCTAR Debian 13 (Trixie) amd64
33d03464-7d22-438d-8152-127fe37d7161
NeCTAR CentOS Stream 9 x86_64
bdf52f88-d68f-4f9e-88ef-37bdb4249e4c
NeCTAR AlmaLinux 10 x86_64
This is a local privilege escalation (to root) vulnerability. If you have unprivileged users on your systems, you will need to mitigate/fix this to prevent them from gaining root.
As of time of writing, there are no patched packages from Ubuntu. We will provide an update if this changes.
Mitigations
1. Using modprobe
You can mitigate this in Ubuntu with the following commands. As root, run
This mitigation works for distributions that has algif_aead as a dynamic kernel module. This does not work for distributions that have algif-aead compiled into kernel (e.g. RHEL)
2. Using grub
For distributions that have compiled the module into kernel, you can prevent the blacklist the module via the `initcall_blacklist` config in grub
Mitigations are not a fix. The proper fix requires a new kernel, which currently does not exist The different mitigations come with varying level of completeness. It is important that you decide what is right for you.
Out of all the mitigations, we believe that blacklisting using grub is superior, as it occurs at an earlier sequence in kernel, and works for both kernel modules and in-kernel.
We will update this post as more information becomes available.
0 Votes
0 Comments
People who like this
Delete Comment
This post will be deleted permanently. Are you sure?
CVE-2026-31431 has been made public. This affects majority of Linux Operating Systems. Nectar images that are affected includes (but are not limited to):
This is a local privilege escalation (to root) vulnerability. If you have unprivileged users on your systems, you will need to mitigate/fix this to prevent them from gaining root.
As of time of writing, there are no patched packages from Ubuntu. We will provide an update if this changes.
Mitigations
1. Using modprobe
You can mitigate this in Ubuntu with the following commands. As root, run
This mitigation works for distributions that has algif_aead as a dynamic kernel module. This does not work for distributions that have algif-aead compiled into kernel (e.g. RHEL)
2. Using grub
For distributions that have compiled the module into kernel, you can prevent the blacklist the module via the `initcall_blacklist` config in grub
If you have grubby, you can do
If not, you can edit /etc/default/grub, and append the following
and run `sudo update-grub` after editing
NOTES
Mitigations are not a fix. The proper fix requires a new kernel, which currently does not exist The different mitigations come with varying level of completeness. It is important that you decide what is right for you.
Out of all the mitigations, we believe that blacklisting using grub is superior, as it occurs at an earlier sequence in kernel, and works for both kernel modules and in-kernel.
We will update this post as more information becomes available.
0 Votes
0 Comments