On 2026-07-14 01:19:18 +0200, Bernd Zeimetz wrote:
> Hi oss-sec,
> 
> few hours ago we had a webhost running Debian kernel 6.12.90+deb13.1-amd64
> being compromised using a root exploit.
> Unfortunately not with many useful traces left, the only obvious
> happening was loading the af_alg module (not used by other modules).
> 
> I know that af_alg is marked as deprecated for 7.2, but is there any
> known exploit or issue that affects kernels of current distribution?
> 
> We've blacklisted the module everywhere now.

https://copy.fail/ suggests to blacklist algif_aead.
Or is this another vulnerability?

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

Reply via email to