Follow @Openwall on Twitter for new release announcements and other news
[<prev] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <WxmRz2euk4ueOgjy@aceecat.org>
Date: Sat, 2 May 2026 21:43:21 -0700
From: nightmare.yeah27@...ecat.org
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2026-31431: CopyFail: linux local privilege scalation

On Sun, May 03, 2026 at 07:43:56AM +1000, Brian May wrote:

> But I heard some enterprise kernels came with the code compiled into the
> kernel, and these required a kernel command line option and a reboot to
> fix.

VPSs provided by Linode/Akamai have the "option" (see below) to boot
their kernel, so that no kernel package needs even to be installed in
the image.  That kernel is monolithic, and as far as I can see there
isn't a way to pass kernel options, either. As of today, the kernel
build options relevant to this bug seem to be still enabled, and
Akamai has this to say about it:

https://status.linode.com/incidents/msqh44ktjp9g

In the past, I have tried using distro or self compiled kernels
instead which is possible in theory, but I have found in that case
there was a non-negligible chance of the system not coming back from
reboot.

-- 
Ian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.