732 Bytes That Root Every Linux Box Since 2017
Tiago has a great write-up of a Linux kernel exploit, CVE-2026-31431, that I think is one of the most beautiful pieces of security work I’ve read in a long time. It’s a 732-byte Python script that gives an unprivileged local user root access on basically every Linux distribution shipped since 2017. What makes it special isn’t the size; it’s how it works. There’s no buffer overflow, no use-after-free, no memory corruption tricks. The bug is a logic flaw in the kernel’s AF_ALG crypto socket code. The reason this is so elegant is that all the standard kernel defences just don’t apply. Most of them are designed to stop memory corruption attacks. This isn’t one. It’s the kernel doing exactly what it was told to do, with side effects nobody noticed for almost a decade. ...