India, May 1 -- The source of the vulnerability is that a four-byte write to the wrong site can create a way for an ordinary user to obtain full root access. This bug was originally discovered as CVE-2026-31431.

It works through the authentication path in the cryptographic subsystem of the Linux kernel via the algif_aead module. Researchers have shown that an unprivileged local user can write user-defined values to the page cache, which may allow Linux to execute a program stored in the page cache rather than the plaintext version stored on disk. In other words, a user can create two different versions of a file but will only have read access to one of them. This makes it difficult for an administrator to monitor file-system activity usi...