Updated
Updated · The Hacker News · Apr 30
Researchers disclose Linux root flaw via page cache corruption
Updated
Updated · The Hacker News · Apr 30

Researchers disclose Linux root flaw via page cache corruption

11 articles · Updated · The Hacker News · Apr 30
  • Tracked as CVE-2026-31431 with a CVSS score of 7.8, the bug affects distributions shipped since 2017, including Amazon Linux, RHEL, SUSE and Ubuntu.
  • Xint.io and Theori said an unprivileged local user can use a 732-byte Python exploit against the kernel's algif_aead module to modify a setuid binary such as /usr/bin/su and gain root.
  • The flaw is not remotely exploitable alone, but shared page cache creates cross-container risk. Researchers likened its primitive to Dirty Pipe, and Linux distributions have issued advisories.
A nine-year-old Linux bug gives instant root access. How many systems have already been quietly compromised?
Does this container-escaping flaw signal the end for shared-kernel security models in the cloud?
With AI now finding kernel flaws in hours, is the age of human-led security auditing for operating systems obsolete?

Related Stories

The Hacker NewsApr 30
penligent.aiApr 30
habr.comApr 30
RedditApr 30
CybersecurityNewsApr 30
linkedinApr 30
github.comApr 30
news.hada.ioApr 30
xint.ioApr 30
deepwatch.comApr 30
XApr 30