CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
Exactly. It’s Yet Another Privilege Escalation Vulnerability. Unless you’re dealing with a multiuser machine, the attacker first needs to use some other vuln to get into an unprivileged account. Without that additional vulnerability, this exploit is useless.
I manage multi user systems and try to be on top of this and no, privilege escalation with a working public exploit are very rare. There’s quite a lot of CVEs with potential privilege excalation, but most of the time there is no real world exploit. And a large part of those are related to user namespaces in one way or another.
This one is truly scary, at least the immediate mitigation is pretty straightforward.
Well, it often feels like every “Linux security issue” flagged in the tech press is a privilege escalation, but I admit that I haven’t sat down and done the math.
Exactly. It’s Yet Another Privilege Escalation Vulnerability. Unless you’re dealing with a multiuser machine, the attacker first needs to use some other vuln to get into an unprivileged account. Without that additional vulnerability, this exploit is useless.
You mean like inveigling it into a pypi or npm or whatever package? Checks out.
That’s privilege escalation for you. 7.8 is pretty high.
Yet another? Are there really so many LPEVs in linux?
I manage multi user systems and try to be on top of this and no, privilege escalation with a working public exploit are very rare. There’s quite a lot of CVEs with potential privilege excalation, but most of the time there is no real world exploit. And a large part of those are related to user namespaces in one way or another.
This one is truly scary, at least the immediate mitigation is pretty straightforward.
Well, it often feels like every “Linux security issue” flagged in the tech press is a privilege escalation, but I admit that I haven’t sat down and done the math.