CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
That may be true for personal computers, but the impact of this vulnerability is mainly on servers. And those typically run distros like Debian, Ubuntu, RHEL that didn’t have a patch at that time.
It looks like the fixes were merged in 6.18, 6.19, and 7.0. But all older (but supported) LTS kernels didn’t have the fix, like 6.12, which is used in Debian 13. And it also seems that Ubuntu, RHEL, and SUSE had not picked up the patches in their kernel versions.
It seems that most LTS distros didn’t get a heads up and there are no patches available. Uh oh.
Automated test suites became so good, many regular people can just use rolling release distros these days.
That may be true for personal computers, but the impact of this vulnerability is mainly on servers. And those typically run distros like Debian, Ubuntu, RHEL that didn’t have a patch at that time.
The impact is any Linux install without root access for its users.
Sure, but it’s much easier to get some form of RCE on public hosts in order to make practical use of the LPE.
What I read said the patch was merged into main on April 1st, so they should have.
It looks like the fixes were merged in 6.18, 6.19, and 7.0. But all older (but supported) LTS kernels didn’t have the fix, like 6.12, which is used in Debian 13. And it also seems that Ubuntu, RHEL, and SUSE had not picked up the patches in their kernel versions.
The kernel 6.12.73-1 used by Debian Trixie is still vulnerable. Applying security updates should update the kernel to 6.12.85-1 and fix the issue.
https://security-tracker.debian.org/tracker/CVE-2026-31431
Edit: Kernel 6.1.170-1 just got released and fixes the vulnerability.
This thread gives a good rundown of what happened: https://infosec.exchange/@wdormann/116489443704631952