It does not behave as described on EndeavorOS (arch-based) running kernel 6.19.14-arch1-1. I receive the error:
Password: su: Authentication token manipulation error
I'm guessing this means it's already patched?
yes, it was reported on march 23rd, patches on april 1.
you are reading about it now because it has been patched.
No it hasn't.
Ubuntu releases before 26.04 LTS (released a week ago) are currently listed as vulnerable.
Debian other than forky and sid are currently listed as vulnerable.
This is a disgrace.
Disclosure timeline
kernel 6.19.14-arch1-1, the kernel in question from the parent comment, has been patched. The lesson here being... compile your own kernel from git sources every few days?
Give up entirely on non-virtualized container security?
This is not sarcasm. I'd finally given in and started learning about docker/podman-style OCI containerization last week.
I mean, most kernel versions literally got the patch on 2026.04.30, so just today.
in this specific case, they offer an alternative mitigation if your chosen distro has not updated yet:
For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module:
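The comment above quotes the module-blacklist mitigation but the actual command is not reproduced in the thread. The script below is an added example, not the author's or any distro's code: it writes the modprobe drop-in the later replies refer to (the file name disable-algif.conf comes from the thread; the `install algif_aead /bin/false` line, the `file_mode` helper and the `/proc/modules` check are my additions), applies the suggested `umask 133` before the redirect so the file lands as 0644, and runs `chattr +i` on it. The target directory defaults to /etc/modprobe.d but can be pointed at a scratch directory for a dry run. It covers only the module-blacklist half of the quoted advice; the seccomp filter on AF_ALG socket creation is a separate control and is not shown here.

```shell
#!/bin/sh
# Added example (not from the thread): drop a modprobe.d file that prevents
# algif_aead from being loaded, using the thread's 'umask 133' and 'chattr +i'
# suggestions. Assumptions: the file name disable-algif.conf, the
# 'install ... /bin/false' directive and the default directory are mine.

write_algif_blacklist() {
    dir="${1:-/etc/modprobe.d}"
    conf="$dir/disable-algif.conf"
    # Subshell so the umask change does not leak into the caller.
    # umask 133 makes the redirect create the file as 0644 regardless of the
    # shell's default umask.
    (
        umask 133
        # 'install <module> /bin/false' makes an explicit modprobe fail;
        # 'blacklist' only stops alias-based autoloading, so both are written.
        printf '%s\n' \
            'install algif_aead /bin/false' \
            'blacklist algif_aead' > "$conf"
    )
    # Immutable bit so a later package script or clean-up cannot silently
    # remove the drop-in. Needs root and a filesystem that supports it
    # (fails on tmpfs or as an unprivileged user), so report but continue.
    if command -v chattr >/dev/null 2>&1; then
        chattr +i "$conf" 2>/dev/null || echo "note: chattr +i failed on $conf" >&2
    fi
    echo "$conf"
}

# Octal mode of a file; GNU stat first, BSD stat as a fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The drop-in only prevents future loads. If algif_aead is already resident
# it still has to be removed with rmmod, so check /proc/modules afterwards.
algif_aead_loaded() {
    grep -q '^algif_aead ' /proc/modules 2>/dev/null
}

# Usage as root:
#   write_algif_blacklist && { algif_aead_loaded && rmmod algif_aead; }
#   file_mode /etc/modprobe.d/disable-algif.conf   # expect 644
```

Run it as root against the default directory, then confirm with `file_mode` that the file is 0644 and with `algif_aead_loaded` that nothing is still resident; a non-root dry run into a temporary directory exercises the same code path minus the `chattr`.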
Thanks!
I'd do 'umask 133' in front of the echo out of paranoia.
Out of curiosity, was the asterisk after '2>/dev/null' intentional? I had not seen that idiom before.
the asterisk is my oops, trying to format the comment in italics to differentiate my comment from the text provided by the author. sorry for the confusion
And I would do chattr +i disable-algif.conf
are you sure containerization would be more secure? this is also a rootless podman escape. the lesson here is to not give random people shell access to your systems.
same result on my arch machine as well.