CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
While the POC requires su, the underlying flaw potentially works on any setuid binary on systems with AF_ALG enabled (provided there isn’t something else preventing it).
In Android this would very likely be the “mount” command, as, if it has a microSD card reader or the ability to use a USB data transfer, I expect it’s using mount in order to do so.