The issue was disclosed and a patch submitted 1st of April 2026 to the Linux
kernel. It's been standard practice among the white hat community to privately
disclose and give the maintainer responsible 30 days to update their stuff, so
it tracks that this one was publicized today.

Note that Ubuntu 26.04 was released on the 23rd of April, and it's NOT
vulnerable. I suspect that there is a connection here and that the 26.04
release date was advanced.

It also appears (incredibly enough) that the usual AI suspects are able to
generate correct update instructions via scraping articles published, on going
from 24.04 to 26.04.

Note that the attacker has to have the ability to:
a) Get an executable uploaded to the target (or a script along with a private
copy of python or whatever other scripting language)
b) Run that executable.
That's trivial if they have a shell account, of course. Not so much on other
systems. This one is likely to be used in conjunction with other exploits.
Temporary Mitigation:
Disable the algif_aead kernel module persistently on all affected systems until
a patched kernel is available:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

This one will be a no-op for most users who are conscientious about running
updates on any public-facing systems. But that won't stop the news sites
from going bananas over it. It's been a while since we have had a juicy 0-Day.
Ted
-----Original Message-----
From: PLUG <[email protected]> On Behalf Of Russell Senior
Sent: Wednesday, April 29, 2026 5:18 PM
To: PLUG <[email protected]>
Subject: [PLUG] exploit in the wild
In case people haven't seen this, there is a local privilege escalation:
https://copy.fail/
A short Python script can give you a root shell.
--
Russell Senior
PLUG Volunteer
[email protected]
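
A check to run after applying the temporary mitigation quoted above, as an added example that is not part of either message: it reports whether algif_aead is compiled into the kernel (where a modprobe.d rule has no effect), still resident (the rmmod line hides failures behind `2>/dev/null || true`), blocked, or still loadable on demand. The function names, the fixture contents and the `--live` switch are assumptions of this example, and it inspects only the one modprobe.d directory it is given.

```shell
#!/bin/sh
# Audit whether the algif_aead mitigation from the message is effective.
# Paths are parameters so the checks run on live files or on fixtures.

# An "install algif_aead /bin/false" (or /bin/true) rule in a modprobe.d dir.
# modprobe treats '-' and '_' in module names as the same character.
has_install_block() {
    cat "$1"/*.conf 2>/dev/null | awk '
        /^[ \t]*#/ { next }
        $1 == "install" { gsub(/-/, "_", $2)
            if ($2 == "algif_aead" && ($3 == "/bin/false" || $3 == "/bin/true")) ok = 1 }
        END { exit !ok }'
}

# Module currently resident (first column of /proc/modules).
is_loaded() {
    awk '$1 == "algif_aead" { hit = 1 } END { exit !hit }' "$1"
}

# Compiled into the kernel image: listed in modules.builtin, never unloadable.
is_builtin() {
    [ -r "$1" ] && grep -Eq '(^|/)algif_aead\.ko$' "$1"
}

# Verdict: BUILTIN | LOADED | BLOCKED | LOADABLE
audit() {
    if is_builtin "$3"; then echo BUILTIN     # modprobe.d rule has no effect
    elif is_loaded "$2"; then echo LOADED     # rmmod failed or was never run
    elif has_install_block "$1"; then echo BLOCKED
    else echo LOADABLE                        # can still be auto-loaded on demand
    fi
}

# Constructed fixture: rule present, module still resident (rmmod failed).
make_fixture() {
    mkdir -p "$1/modprobe.d"
    printf '# constructed sample\ninstall algif_aead /bin/false\n' \
        > "$1/modprobe.d/disable-algif.conf"
    printf 'algif_aead 16384 1 - Live 0x0000000000000000\naf_alg 32768 1 algif_aead, Live 0x0000000000000000\n' \
        > "$1/proc_modules"
    printf 'kernel/crypto/sha256_generic.ko\n' > "$1/modules.builtin"
}

# Live check: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit /etc/modprobe.d /proc/modules "/lib/modules/$(uname -r)/modules.builtin"
fi
```

A BUILTIN or LOADED verdict means the system is still exposed until a patched kernel is booted or the module is actually unloaded.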