Something I've complained about when people deploy Linux kernel based OSes is how few people ever tune or customize their kernels or their base distros.
This used to be something old-school sysadmins would do as part of basic security hygiene practice: "If you don't need it, don't include it", which applies to daemons, services and packages.
Kernel compilation is something that rarely seems to happen, too.
Do you have hardware encryption capabilities you want things like wolfSSL to use? Then sure, use #AF_ALG. Anything else? Highly unlikely.
Are you running Openswan, or some other VPN or tunneling software that uses encapsulating tunnel options? No? Then you probably don't need the ESP4/ESP6 modules.
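As an added illustration of the "if you don't need it, don't include it" check above (this is example code written for this post, not something the author ran), the script below parses a kernel .config, reads lsmod output, and reports which conditional options are enabled. The list of "only needed if..." symbols is an assumption on my part built around the two cases named above: CONFIG_CRYPTO_USER_API* (the AF_ALG socket family, modules af_alg/algif_hash/algif_skcipher) and CONFIG_INET_ESP/CONFIG_INET6_ESP (the esp4/esp6 modules). The .config and lsmod samples are constructed for the demo.

```python
"""Audit a kernel .config for options that are only justified by a specific need.

Example code, not from the original post. The CONDITIONAL_OPTIONS table is an
assumed policy: extend it with whatever your own threat model says is optional.
"""
import gzip
import re
from pathlib import Path

# Symbol -> (module name when built with =m, why it is usually unneeded).
CONDITIONAL_OPTIONS = {
    "CONFIG_CRYPTO_USER_API": ("af_alg", "AF_ALG socket family; only useful when userspace crypto offloads to kernel/hardware crypto"),
    "CONFIG_CRYPTO_USER_API_HASH": ("algif_hash", "AF_ALG hash interface"),
    "CONFIG_CRYPTO_USER_API_SKCIPHER": ("algif_skcipher", "AF_ALG symmetric cipher interface"),
    "CONFIG_INET_ESP": ("esp4", "IPsec ESP over IPv4; only needed for IPsec VPN or tunnelling"),
    "CONFIG_INET6_ESP": ("esp6", "IPsec ESP over IPv6; only needed for IPsec VPN or tunnelling"),
}

_SET_RE = re.compile(r"^(CONFIG_[A-Z0-9_]+)=(.*)$")
_UNSET_RE = re.compile(r"^# (CONFIG_[A-Z0-9_]+) is not set$")

# Constructed sample inputs (not from a real machine).
SAMPLE_CONFIG = """\
CONFIG_LOCALVERSION="-hardened"
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
CONFIG_INET_ESP=y
CONFIG_INET6_ESP=m
"""
SAMPLE_LSMOD = """\
Module                  Size  Used by
esp6                   24576  0
algif_hash             16384  0
af_alg                 32768  1 algif_hash
"""


def parse_config(text):
    """Parse .config text into {symbol: value}; '# X is not set' lines map to 'n'."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET_RE.match(line)
        if m:
            config[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET_RE.match(line)
        if m:
            config[m.group(1)] = "n"
    return config


def load_config(path):
    """Read a plain .config or a gzip-compressed /proc/config.gz style file."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":  # gzip magic
        raw = gzip.decompress(raw)
    return parse_config(raw.decode())


def parse_lsmod(text):
    """Return the set of module names from lsmod output (header line skipped)."""
    names = set()
    for line in text.splitlines()[1:]:
        parts = line.split()
        if parts:
            names.add(parts[0])
    return names


def audit(config, loaded_modules=frozenset()):
    """Return (symbol, state, note) for every conditional option that is enabled.

    state is 'built-in', 'module-loaded' or 'module-not-loaded'. Built-in code
    cannot be unloaded at runtime, so removing it means a kernel rebuild.
    """
    findings = []
    for symbol, (module, reason) in CONDITIONAL_OPTIONS.items():
        value = config.get(symbol, "n")
        if value == "y":
            findings.append((symbol, "built-in", f"{reason}; built in, removal needs a kernel rebuild"))
        elif value == "m":
            if module in loaded_modules:
                findings.append((symbol, "module-loaded", f"{reason}; {module}.ko is currently loaded"))
            else:
                findings.append((symbol, "module-not-loaded", f"{reason}; {module}.ko not loaded, consider blacklisting or rebuilding without it"))
    return findings


if __name__ == "__main__":
    # On a live box you would use load_config("/proc/config.gz") and the real lsmod output.
    for symbol, state, note in audit(parse_config(SAMPLE_CONFIG), parse_lsmod(SAMPLE_LSMOD)):
        print(f"{symbol:36} {state:18} {note}")
```

Run on a real host, the two interesting buckets are "built-in" (you cannot shed it without a rebuild, which is the point of compiling your own kernel) and "module-not-loaded" (cheap to deny via a modprobe blacklist today, and a candidate to drop from the next build).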
Easy for me to call out, sure, and I'm taking myself to task as well, since at work they really don't want people deep-diving and compiling kernels in many places. "Trust the vendor", where many management types don't get it or don't care. "Apt/DNF update and carry on."
Funny, because this is the antithesis of their "resist patches and updates" attitude towards software.
The number of MongoDB 3.x DBs out there because the dev hasn't updated the driver, or the number of npm warnings ("this is vulnerable, don't use this") that are ignored, is high.
#infosec #linux #copyfail #dirtyFrag #opinion