CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
It’s a bit strange that this code requires a binary blob to verify, I think people who want to experiment with this should take some caution as it could be an exploit-in-an-exploit (user is highlighting a real exploit, but also trying to take advantage of people testing by effectively installing a back-door.) I won’t say that’s happening for sure, but take running this yourself with extreme caution.
I had always heard “binary blob” said when it came to opaque code, but I see that blob is what is used to describe unexplained binary data as a whole in database lingo, so I’m willing to say your usage of it is probably more correct than mine here, assuming the binary data isn’t an actual program (afaik there’s no elf-file like characteristics but who knows.). 😇
It’s a bit strange that this code requires a binary blob to verify, I think people who want to experiment with this should take some caution as it could be an exploit-in-an-exploit (user is highlighting a real exploit, but also trying to take advantage of people testing by effectively installing a back-door.) I won’t say that’s happening for sure, but take running this yourself with extreme caution.
You can find a cleaned up version here
BLOB already includes “binary”. That’s what the first B is for.
Sorry, couldn’t stop myself.
I had always heard “binary blob” said when it came to opaque code, but I see that blob is what is used to describe unexplained binary data as a whole in database lingo, so I’m willing to say your usage of it is probably more correct than mine here, assuming the binary data isn’t an actual program (afaik there’s no elf-file like characteristics but who knows.). 😇
No one means BLOB when they say blob, it’s a backronym mostly for fun
Apparently that’s only for blob storage (now "object storage), not https://en.wikipedia.org/wiki/Binary_blob
The compressed binary blob is just a 160 B ELF when uncompressed. I don’t think you can do much with that.
I bet you could gain root on many old kernels
You could probably write all zeros to a file. Say, /dev/sda?
???
profit