Friday, May 1, 2026

Security Onion and Linux Kernel Copy Fail Vulnerability CVE-2026-31431

A flaw was found in the Linux kernel that allows for local privilege escalation:

https://access.redhat.com/security/cve/cve-2026-31431


Updated kernel packages should be coming soon to resolve this issue.


UPDATE 2026/05/04: Oracle has released an updated UEK kernel (5.15.0-319.201.4.4) to address this vulnerability (https://linux.oracle.com/errata/ELSA-2026-50253.html). Assuming you're running Security Onion on Oracle 9 with the Oracle UEK kernel, you can update to this new kernel with a standard soup (https://docs.securityonion.net/en/3/main/soup/) followed by a reboot.


If you can't wait until updated kernels are released and need to apply a temporary mitigation, you can run the following command and then reboot:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"


After updated kernels are released, that temporary mitigation can be reverted by running the following command and then rebooting:

sudo grubby --update-kernel=ALL --remove-args="initcall_blacklist=algif_aead_init"
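
Because both commands only take effect after a reboot, it helps to confirm which state a host is actually in. The following check is an added example, not part of the original post or of Security Onion; the function names and state labels are hypothetical, and it assumes `grubby --info=ALL` prints one `args="..."` line per boot entry.

```sh
# Added example (not from the original post): classify the mitigation state.
MITIGATION_FN="algif_aead_init"

# Succeed if the kernel argument string $1 blacklists $MITIGATION_FN.
# initcall_blacklist takes a comma-separated list, so match a whole entry.
cmdline_has_mitigation() (
    set -f   # no globbing while word-splitting the arguments
    for arg in $1; do
        [ "${arg%%=*}" = initcall_blacklist ] || continue
        case ",${arg#*=}," in *",$MITIGATION_FN,"*) return 0 ;; esac
    done
    return 1
)

# Print how many boot entries in `grubby --info=ALL` output ($1) lack the
# mitigation; fail if the output contains no args= line at all.
entries_missing_mitigation() (
    total=0 missing=0
    while IFS= read -r line; do
        case "$line" in args=*) ;; *) continue ;; esac
        args=${line#args=}; args=${args#\"}; args=${args%\"}
        total=$((total + 1))
        cmdline_has_mitigation "$args" || missing=$((missing + 1))
    done <<EOF
$1
EOF
    echo "$missing"
    [ "$total" -gt 0 ]
)

# $1 = running command line (/proc/cmdline), $2 = `grubby --info=ALL` output.
mitigation_state() (
    missing=$(entries_missing_mitigation "$2") || { echo "unknown"; return 0; }
    if cmdline_has_mitigation "$1"; then
        if [ "$missing" -eq 0 ]; then echo "active"; else echo "active-not-persistent"; fi
    else
        if [ "$missing" -eq 0 ]; then echo "pending-reboot"; else echo "not-applied"; fi
    fi
)

# Constructed sample: grubby has been run on every entry, host not yet rebooted.
SAMPLE_RUNNING='BOOT_IMAGE=/vmlinuz-EXAMPLE root=/dev/mapper/ol-root ro'
SAMPLE_GRUBBY='index=0
args="ro initcall_blacklist=algif_aead_init"
index=1
args="ro initcall_blacklist=foo_init,algif_aead_init"'
mitigation_state "$SAMPLE_RUNNING" "$SAMPLE_GRUBBY"   # prints: pending-reboot
# On a live host: mitigation_state "$(cat /proc/cmdline)" "$(sudo grubby --info=ALL)"
```

After reverting the mitigation, the same check reports `active-not-persistent` until the host is rebooted.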
