CVSS score 7.8 Severity High CVE-2026-31431 Linux kernel
Highly easy root exploit (at least locally). kernel.org kernel patched, various states for various distros; if your distro doesn't have a patch/update out yet, expect it soon.
Appears (I've not vetted it) there's also an effective work-around to close the hole in existing running kernels, apparently, e.g.:

Disable the algif_aead kernel module. This breaks nothing for the vast majority of systems: dm-crypt, LUKS, IPsec, TLS, SSH, and standard OpenSSL/GnuTLS builds all use the in-kernel crypto API directly and do not go through AF_ALG:

    echo 'install algif_aead /bin/false' >/etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

For containerized or multi-tenant workloads, block AF_ALG socket creation via seccomp policy regardless of patch state.

Proof-of-concept exploit already published, likely expect active exploit attempts soon, if they've not already started.
Looks like the bug has been in Linux kernels for about 9 years.
Select references:
https://www.cve.org/CVERecord?id=CVE-2026-31431
https://www.cyberkendra.com/2026/04/a-732-byte-python-script-can-get-root.ht...
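
A check that the algif_aead workaround quoted above actually took effect, as an added example that is not part of the original post: the quoted rmmod line hides its own failure (`2>/dev/null || true`), and an install rule does nothing if the module is built into the kernel. The function names and return codes are this example's own, and it assumes the usual locations /etc/modprobe.d, /proc/modules and /lib/modules/$(uname -r)/modules.builtin.

```shell
#!/bin/sh
# Added example: audit the algif_aead workaround. Paths are parameters so the
# checks can also be run against copies of a host's files.

# 0 if a *.conf file in the modprobe directory blocks loading algif_aead.
modprobe_blocks_algif() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented-out rules do not count; modprobe treats "_" and "-" alike.
        if grep -Eq '^[[:space:]]*install[[:space:]]+algif[_-]aead[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|$)' "$f"; then
            return 0
        fi
    done
    return 1
}

# 0 if algif_aead is listed as loaded in a /proc/modules-format file.
module_loaded() {
    modules=${1:-/proc/modules}
    awk '$1 == "algif_aead" { found = 1 } END { exit !found }' "$modules"
}

# 0 if algif_aead is compiled into the kernel (no module to block or unload).
module_builtin() {
    list=${1:-/lib/modules/$(uname -r)/modules.builtin}
    [ -f "$list" ] && grep -Eq '(^|/)algif_aead\.ko$' "$list"
}

# Print a verdict; return 0 only when the workaround is fully in effect.
# Arguments: modprobe dir, modules file, modules.builtin file (all optional).
audit_algif() {
    if module_builtin "$3"; then
        echo "FAIL: algif_aead is built in; the modprobe rule cannot disable it"; return 3
    fi
    if module_loaded "$2"; then
        echo "FAIL: algif_aead is still loaded; rmmod did not succeed"; return 2
    fi
    if ! modprobe_blocks_algif "$1"; then
        echo "FAIL: no install rule blocks algif_aead; it can be loaded again"; return 1
    fi
    echo "OK: algif_aead is not loaded and is blocked from loading"
}

# Run against the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_algif; fi
```

A non-zero result on a host where the workaround was applied means the host is still relying on the kernel patch or a seccomp policy for protection.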