334
submitted 2 months ago by Flax_vert@feddit.uk to c/selfhosted@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] ozymandias117@lemmy.world 6 points 2 months ago* (last edited 2 months ago)

I'm working off the knowledge that OP is using a rolling release, so is likely fixed by that for them. (Arch based, Cachy, and OpenSUSE Tumbleweed all have it as a module, and are the most commonly suggested. Fedora fixed it 2 weeks ago since they follow mainline, so I'd expect Bazzite to have it too. If they're using Debian Sid/Testing, it's both fixed and a module)

If you're using something else, this eBPF filter is probably your best bet https://github.com/Dabbleam/CVE-2026-31431-mitigation

[-] StripedMonkey@lemmy.zip 5 points 2 months ago

My personal suggestion would be to add initcall_blacklist=algif_aead_init to your kernel arguments. Ebpf is cool, but not a very trivial solution.

I understand the suggestion might apply to a random, unspecified distro but I disapprove of both the exploit authors and the general Internet suggesting fixes that don't apply to every distro (including copy.fail's AI slop RHEL distro that doesn't exist) without caveating it.

The kernel module blacklist won't work for every situation, if you're not being specific in telling people where it applies, it's best to suggest a solution that actually works regardless of distro or explain how to validate when it applies but nobody is doing that.

[-] ozymandias117@lemmy.world 3 points 2 months ago

Giving a better solution is certainly useful.

I'd used initcall_debug before, but not initcall_blacklist

this post was submitted on 30 Apr 2026
334 points (98.3% liked)

Selfhosted

60526 readers
1369 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS