Ask HN: What does a memory-only Linux local privilege escalation (LPE) that went undetected for 9 years imply?
CVE-2026-31431: 732 bytes, no offsets, cross-distro, memory-only (no disk artifacts), extant since 2017. Discovered by AI in ~1 hour. AF_ALG's own maintainers have stated the interface has "never been used much, other than in exploits." Several major distros shipped it as a kernel builtin (=y), making the standard modprobe.d mitigation silently do nothing.

Not looking for "patch your systems" responses. Looking for honest probabilistic (or paranoid) reasoning about what a nine-year undetected window on this specific scenario actually implies for infrastructure that was exposed and is now forensically not terribly auditable.
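An added example, not part of the original post: a check for whether a modprobe.d rule can take effect on a given kernel, by reading how AF_ALG was built. It assumes the relevant option is `CONFIG_CRYPTO_USER_API` (the AF_ALG core) and that the config lives at `/boot/config-$(uname -r)`; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a modprobe.d rule can keep AF_ALG unavailable.
# A built-in (=y) option has no module to load, so modprobe never runs for it.

# Print builtin | module | disabled | unknown for the AF_ALG core option.
# Assumption: the config is at /boot/config-$(uname -r) unless a path is given.
af_alg_state() {
    cfg="${1:-/boot/config-$(uname -r)}"
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # Exact option name only (not CONFIG_CRYPTO_USER_API_HASH etc.);
    # the last assignment wins, as in a merged .config.
    val=$(sed -n 's/^CONFIG_CRYPTO_USER_API=\(.\).*/\1/p' "$cfg" | tail -n 1)
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo disabled ;;   # "# ... is not set" or option absent
    esac
}

# Translate the build state into what it means for the modprobe.d mitigation.
modprobe_rule_verdict() {
    case "$(af_alg_state "$1")" in
        builtin)  echo "ineffective: AF_ALG is compiled in, no module for modprobe to block" ;;
        module)   echo "effective: an 'install af_alg /bin/false' rule blocks loading" ;;
        disabled) echo "not needed: AF_ALG is not built" ;;
        *)        echo "unknown: kernel config not readable" ;;
    esac
}

# Run the check on constructed sample configs (not taken from any real distro),
# then on the running host.
demo() {
    tmp=$(mktemp)
    for v in y m; do
        printf 'CONFIG_CRYPTO=y\nCONFIG_CRYPTO_USER_API=%s\n' "$v" > "$tmp"
        printf 'CONFIG_CRYPTO_USER_API=%s -> %s\n' "$v" "$(modprobe_rule_verdict "$tmp")"
    done
    rm -f "$tmp"
    printf 'this host -> %s\n' "$(modprobe_rule_verdict)"
}
demo
```

A "module" verdict only says the rule can prevent future loads; a module that is already loaded stays loaded until it is removed or the host reboots.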