Friday, May 1, 2026

Security Onion and Linux Kernel Copy Fail Vulnerability CVE-2026-31431

A flaw was found in the Linux kernel that allows for local privilege escalation:

https://access.redhat.com/security/cve/cve-2026-31431


Updated kernel packages should be coming soon to resolve this issue.


UPDATE 2026/05/04: Oracle has released an updated UEK kernel (5.15.0-319.201.4.4) to address this vulnerability (https://linux.oracle.com/errata/ELSA-2026-50253.html). Assuming you're running Security Onion on Oracle 9 with the Oracle UEK kernel, you can update to this new kernel with a standard soup (https://docs.securityonion.net/en/3/main/soup/) followed by a reboot.


If you can't wait until updated kernels are released and need to apply a temporary mitigation, you can run the following command and then reboot:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"


After updated kernels are released, that temporary mitigation can be reverted by running the following command and then rebooting:

sudo grubby --update-kernel=ALL --remove-args="initcall_blacklist=algif_aead_init"
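
To confirm after a reboot that the temporary mitigation is on the running kernel's command line, or that the running kernel is at least the fixed UEK build, a check like the following can be used. It is an added example, not part of the original post or of Security Onion; the function names are hypothetical, and it assumes `uname -r` on UEK looks like `5.15.0-319.201.4.4.el9uek.x86_64`.

```shell
#!/bin/sh
# Added example (not from the original post): post-reboot check for the
# temporary mitigation and the fixed Oracle UEK build.

MITIGATION="algif_aead_init"      # initcall named in the post's grubby command
FIXED_UEK="5.15.0-319.201.4.4"    # fixed UEK build named in the post

# mitigation_active CMDLINE -> 0 if any initcall_blacklist= argument lists
# $MITIGATION (the parameter accepts a comma-separated list of initcalls).
mitigation_active() {
    for arg in $1; do
        case "$arg" in
            initcall_blacklist=*)
                case ",${arg#initcall_blacklist=}," in
                    *",$MITIGATION,"*) return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# uek_is_fixed RELEASE -> 0 fixed, 1 older than fixed build, 2 not comparable.
# Assumption: UEK release strings carry the build before a ".elNuek" suffix.
uek_is_fixed() {
    case "$1" in
        5.15.0-*uek*) ;;
        *) return 2 ;;
    esac
    ver=${1%%.el*}
    lowest=$(printf '%s\n%s\n' "$FIXED_UEK" "$ver" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_UEK" ]
}

report() {   # report CMDLINE RELEASE
    if mitigation_active "$1"; then echo "mitigation: active"
    else echo "mitigation: not on running kernel command line"; fi
    uek_is_fixed "$2"
    case $? in
        0) echo "kernel $2: at or above $FIXED_UEK" ;;
        1) echo "kernel $2: older than $FIXED_UEK" ;;
        *) echo "kernel $2: not a 5.15 UEK build, check vendor errata" ;;
    esac
}

report "$(cat /proc/cmdline 2>/dev/null)" "$(uname -r)"
```

The check reads `/proc/cmdline`, so it reflects the kernel that is actually running; an argument added with grubby only shows up there after the reboot.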

 
