问 HN:一个潜伏 9 年未被发现的仅内存 Linux 本地提权漏洞意味着什么?
1 分•作者: eth0up•4 天前
CVE-2026-31431:732 字节,无偏移,跨发行版,仅内存(无磁盘残留),自 2017 年起存在。由 AI 在大约 1 小时内发现。AF_ALG 的维护者自己表示,该接口“除了在漏洞利用中,几乎从未被使用过”。几个主要的发行版将其作为内核内置功能(=y)发布,导致标准的 modprobe.d 缓解措施悄无声息地失效。
不寻求“修补你的系统”的回复。 寻求关于这种特定情况下九年未被检测到的窗口对曾经暴露且现在在取证上不太容易审计的基础设施意味着什么的诚实的概率性(或偏执的)推理。
查看原文
CVE-2026-31431: 732 bytes, no offsets, cross-distro, memory-only (no disk artifacts), extant since 2017. Discovered by AI in ~1 hour. AF_ALG's own maintainers have stated the interface has "never been used much, other than in exploits." Several major distros shipped it as a kernel builtin (=y), making the standard modprobe.d mitigation silently do nothing.<p>Not looking for "patch your systems" responses. Looking for honest probabilistic (or paranoid) reasoning about what a nine-year undetected window on this specific scenario actually implies for infrastructure that was exposed and is now forensically not terribly auditable.