alt Hacker NewsI don't know what exactly can load this module but the servers are running for many weeks and I suppose that if something will load this module, it stays loaded until the next reboot.. no ?
I tried to rmmod on all servers and rmmod always returns `ERROR: Module algif_aead is not currently loaded`, that's why I think it's fine. Of course I take a look on https://security-tracker.debian.org/tracker/CVE-2026-31431 for the updates.
Replies
Denvercoder9 • yesterday at 10:15 PM
> I don't know what exactly can load this module
Well, for one thing, opening an AF_ALG socket, as the exploit does.
bombcar • today at 2:34 AM
rmmod just tells you it's not loaded; you'd have to delete the module to prevent it auto-loading.
the kernel will autoload modules when they are needed. The fact that the module hasn't been loaded is an indication that the bug may not have been exploited, but it does not mean that you are not vulnerable to it. You need to block the module from loading or remove it entirely to mitigate the issue (which is what the first line of the recommended mitigation states).