Upgrading the Linux Kernel to Fix CVE-2026-31431
This guide explains how to upgrade your system kernel to patched versions that resolve CVE-2026-31431 across multiple Linux distributions.
| Distribution / Family | Patched Kernel |
|---|---|
| Debian 12 (Bookworm) | 6.1.170-1 |
| Debian 13 (Trixie) | 6.12.85 |
| Alpine Linux 3.23 | 6.18.22 as of time of writing |
| Arch Linux | 7.0.3 or newer as of time of writing |
| Gentoo | 6.18.26 (gentoo-kernel-bin) as of time of writing |
| Slackware / Other Linux | 7.0.3 or newer as of time of writing |
About CVE-2026-31431
Identifier: CVE-2026-31431
Component: crypto: algif_aead
Summary
A regression introduced complexity in algif_aead by enabling in-place operation despite the source and destination buffers coming from separate mappings.
The fix:
- removes in-place processing logic
- restores out-of-place operation
- preserves associated-data copying
- simplifies the execution path
Debian 12 and Debian 13
These updates are distributed through each release’s security repository.
| Debian Version | Fixed Kernel Package Version | Running Kernel Name (uname -r) |
|---|---|---|
| Debian 12 (Bookworm) | 6.1.170-1 | 6.1.0-45-amd64 |
| Debian 13 (Trixie) | 6.12.85 | 6.12.85+deb13-amd64 |
Step 1 — Verify the Security Repository Is Enabled
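Check both /etc/apt/sources.list and the files under /etc/apt/sources.list.d/ (in deb822 .sources files the match appears on a URIs: line):
grep -rs security.debian.org /etc/apt/sources.list /etc/apt/sources.list.d/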
Expected entries:
Debian 12
deb http://security.debian.org/debian-security bookworm-security main
Debian 13
deb http://security.debian.org/debian-security trixie-security main
If missing, add the appropriate line and run:
sudo apt update
Step 2 — Install the Patched Kernel
sudo apt install linux-image-amd64
Confirm availability:
apt-cache policy linux-image-amd64
Expected versions:
Debian 12
6.1.170-1
Debian 13
6.12.85
Step 3 — Reboot Into the Updated Kernel
sudo reboot
Step 4 — Verify the Running Kernel Version
After reboot:
uname -r
Expected results:
Debian 12
6.1.0-45-amd64
(package version 6.1.170-1)
Debian 13
6.12.85+deb13-amd64
(package version 6.12.85)
Debian kernel ABI naming differs from upstream version numbers; the package version confirms the applied security fix level.
Step 5 — Confirm the Patch Is Installed
Verify installed kernel packages:
dpkg -l | grep linux-image
Example outputs:
Debian 12
linux-image-6.1.0-45-amd64 6.1.170-1
Debian 13
linux-image-6.12.85+deb13-amd64 6.12.85
Together with the uname -r output from Step 4, this confirms the system is running a kernel version containing the fix for CVE-2026-31431.
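The check from Steps 4 and 5 as a script, generalized to the other rows of the table at the top of this guide. This is an added example, not part of the original guide; the distribution keys, function names and sample version strings are assumptions made for illustration. On Debian it reads the package version from uname -v, because the ABI name in uname -r (6.1.0-45-amd64) cannot be compared against 6.1.170-1.

```shell
#!/bin/sh
# Added example: compare a host's kernel against the fixed versions in this guide.

# Minimum fixed version per distribution key (values from the guide's table;
# the keys themselves are hypothetical names chosen for this example).
fixed_version() {
    case "$1" in
        bookworm)   echo "6.1.170-1" ;;
        trixie)     echo "6.12.85" ;;
        alpine)     echo "6.18.22" ;;
        gentoo)     echo "6.18.26" ;;
        arch|other) echo "7.0.3" ;;
        *)          return 1 ;;
    esac
}

# True when version $1 >= $2, using GNU `sort -V` ordering. On Debian,
# `dpkg --compare-versions "$1" ge "$2"` is the authoritative comparison.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Debian puts the package version in `uname -v` ("... Debian 6.1.170-1 (date)"),
# while `uname -r` only carries the ABI name (6.1.0-45-amd64).
debian_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\) (.*/\1/p'
}

# check_kernel DISTRO UNAME_R UNAME_V -> prints patched | below-fixed | unknown
check_kernel() {
    min=$(fixed_version "$1") || { echo unknown; return 2; }
    case "$1" in
        bookworm|trixie) have=$(debian_pkg_version "$3") ;;
        *)               have=${2%%-*} ;;   # 7.0.3-arch1-1 -> 7.0.3
    esac
    [ -n "$have" ] || { echo unknown; return 2; }
    if version_ge "$have" "$min"; then echo patched; else echo below-fixed; return 1; fi
}

# Run against the live host when a distribution key is given as argument.
if [ "$#" -ge 1 ]; then
    check_kernel "$1" "$(uname -r)" "$(uname -v)"
fi
```

Run it after the reboot, for example as `sh check-kernel.sh bookworm` (the file name is arbitrary); a result of below-fixed means the running kernel predates the fixed version listed for that distribution.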
Alpine Linux
Alpine Linux 3.23 includes Linux 6.18.22 as of May 5, 2026.
Step 1 — Update Package Indexes
apk update
Step 2 — Upgrade Installed Packages
apk upgrade
Step 3 — Reboot
reboot
Step 4 — Verify Kernel Version
uname -r
Confirm the system is running Alpine’s patched kernel: 6.18.22
Arch Linux
Arch Linux is rolling release, so the patched kernel is delivered through normal package updates.
As of May 5, 2026, Arch users should be on Linux 7.0.3 or newer for this fix.
Step 1 — Refresh the Keyring
If the system has not been updated recently, refresh the Arch keyring:
sudo pacman -Sy archlinux-keyring
Step 2 — Perform a Full System Upgrade
sudo pacman -Syu
This updates installed kernel packages such as:
- linux
- linux-lts
- linux-hardened
- linux-zen
Step 3 — Reboot
sudo reboot
Step 4 — Verify the Running Kernel
uname -r
Confirm the system is running 7.0.3 or newer as of May 5, 2026.
Gentoo
Gentoo provides both source-based and prebuilt kernel options. For simplicity, this guide uses gentoo-kernel-bin, which provides a prebuilt kernel maintained by Gentoo.
As of May 5, 2026, Gentoo users should be on 6.18.26 or newer.
Step 1 — Sync Repositories
emerge --sync
Step 2 — Install Updated Kernel
emerge sys-kernel/gentoo-kernel-bin
This installs a prebuilt kernel and initramfs in /boot.
Step 3 — Configure Bootloader (systemd-boot example)
Create a new entry in:
/efi/loader/entries/
Example:
title Gentoo Linux (updated kernel)
linux /vmlinuz-6.18.26-gentoo
initrd /initramfs-6.18.26-gentoo.img
options root=/dev/sdXn rw
Adjust:
- kernel filename
- initramfs filename
- root device
Step 4 — Reboot
reboot
Step 5 — Verify
uname -r
Confirm the system is running 6.18.26 or newer.
Slackware / Other Linux Distributions
For Slackware or other distributions where kernels are manually managed, use Linux 7.0.3 or newer as of May 5, 2026, or a patched kernel provided by your distribution.
Option A — Install Updated Slackware Kernel Packages
If official kernel packages are available:
upgradepkg kernel-generic-*.txz kernel-modules-*.txz
Rebuild initrd if required:
mkinitrd -c -k <kernel-version> -f ext4 -r /dev/sdXn -u
Update bootloader configuration and reboot.
Option B — Manual Kernel Compilation
Step 1 — Download the Kernel
cd /usr/src
wget https://cdn.kernel.org/pub/linux/kernel/v7.x/linux-7.0.3.tar.xz
tar -xf linux-7.0.3.tar.xz
cd linux-7.0.3
Step 2 — Reuse Existing Configuration
cp /boot/config-$(uname -r) .config
make olddefconfig
Step 3 — Compile and Install Modules
make -j$(nproc)
make modules_install
Step 4 — Install Kernel Files
KVER=$(make -s kernelrelease)
cp arch/x86/boot/bzImage /boot/vmlinuz-$KVER
cp System.map /boot/System.map-$KVER
cp .config /boot/config-$KVER
Step 5 — Build Initrd (if needed)
mkinitrd -c -k $KVER -f ext4 -r /dev/sdXn \
-m virtio:virtio_ring:virtio_pci:virtio_scsi:scsi_mod:sd_mod:ext4 \
-u -o /boot/initrd-$KVER.gz
Step 6 — Update Bootloader (ELILO Example)
cp /boot/vmlinuz-$KVER /boot/efi/EFI/Slackware/
cp /boot/initrd-$KVER.gz /boot/efi/EFI/Slackware/
Example entry:
image=vmlinuz-<kernel-version>
label=linux-new
initrd=initrd-<kernel-version>.gz
read-only
append="root=/dev/sdXn ro"
Step 7 — Reboot and Verify
reboot
Verify:
uname -r
ls /lib/modules
Kernel version and module directory must match.
Optional — Exploit Verification
A proof-of-concept exploit is available as a Python 3 script at this URL:
https://copy.fail/#exploit
Safety Notice
Run only on systems you control. This exploit attempts local privilege escalation.
Vulnerable System
- authentication protections may be bypassed
- privilege escalation succeeds
- su password prompts are skipped
Patched System
- exploit fails
- su still requires a password
- privilege escalation does not occur
Footnote — Userspace Differences
Exploit reliability depends on userspace assumptions.
Slackware
su is located at /bin/su instead of /usr/bin/su.
Alpine Linux
| Component | Alpine Replacement |
|---|---|
| glibc | musl |
| util-linux su | BusyBox su |
| PAM | often absent |
| loader paths | different |
Important Clarification
These differences:
- do not eliminate the kernel vulnerability
- do not replace patching
- do not guarantee security
They only affect the portability of proof-of-concept exploit scripts.
Always apply the patched kernel version for your distribution.