Xint disclosed a long-standing Linux kernel vulnerability in AEAD sockets allowing arbitrary 4-byte writes to the page cache via the splice() primitive. The bug, present since 2017, can corrupt setuid binaries and was fixed in mainline kernels. The vulnerability exploits the fact that AF_ALG socket scatterlists hold direct references to uncached kernel pages rather than duplicates.
A security bug in AEAD sockets
A 9-year-old Linux kernel vulnerability in AEAD sockets allows attackers to write arbitrary 4-byte data to the page cache via splice(), enabling corruption of setuid binaries.
Thursday, April 30, 2026 12:00 PM UTC | 2 min read | Source: LWN.net | By sys://pipeline