{"uuid": "dff065d6-ed12-47f6-b7a2-b25170a6ac4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Kuri0421/408ce4a31edcb7d83c9bac0f7f81dae4", "content": "#!/usr/bin/env bash\n# =============================================================================\n# CVE-2026-31431 (\"Copy Fail\") \u5bfe\u7b56\u72b6\u6cc1\u30c1\u30a7\u30c3\u30af\u30b9\u30af\u30ea\u30d7\u30c8\n#\n# \u8106\u5f31\u6027\u6982\u8981:\n# Linux \u30ab\u30fc\u30cd\u30eb\u306e algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ed\u30b8\u30c3\u30af\u6b20\u9665\u306b\u3088\u308a\u3001\n# \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u304c AF_ALG \u30bd\u30b1\u30c3\u30c8 + splice() \u3092\u7d44\u307f\u5408\u308f\u305b\u3066\n# \u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u4e0a\u306e\u4efb\u610f\u30d5\u30a1\u30a4\u30eb\u306b 4 \u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u307f root \u3092\u53d6\u5f97\u53ef\u80fd\u3002\n#\n# \u5f71\u97ff\u7bc4\u56f2:\n# \u30ab\u30fc\u30cd\u30eb 4.14 \u301c 6.18.21 (6.18.22 \u672a\u6e80)\n# \u30ab\u30fc\u30cd\u30eb 6.19.x (6.19.12 \u672a\u6e80)\n#\n# \u4fee\u6b63\u30b3\u30df\u30c3\u30c8: fafe0fa2995a (2026\u5e744\u6708)\n# CVSS \u30b9\u30b3\u30a2: 7.8 (HIGH)\n# =============================================================================\n\nset -euo pipefail\n\n# \u2500\u2500 \u30ab\u30e9\u30fc\u5b9a\u7fa9 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nRED='\\033[0;31m'; YELLOW='\\033[0;33m'; GREEN='\\033[0;32m'\nCYAN='\\033[0;36m'; BOLD='\\033[1m'; RESET='\\033[0m'\n\ninfo() { echo -e \"${CYAN}[INFO]${RESET} $*\"; }\nok() { echo -e \"${GREEN}[OK]${RESET} $*\"; }\nwarn() { echo -e \"${YELLOW}[WARN]${RESET} $*\"; }\nfail() { echo -e \"${RED}[VULN]${RESET} $*\"; }\nsection() { echo -e \"\\n${BOLD}$*${RESET}\"; echo \"$(printf '\u2500%.0s' {1..60})\"; }\n\n# \u2500\u2500 \u30d0\u30fc\u30b8\u30e7\u30f3\u6bd4\u8f03\u30d8\u30eb\u30d1\u30fc \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# usage: ver_ge A B \u2192 true if A >= B (\u5404\u8981\u7d20\u306f\u6570\u5024)\nver_ge() {\n local -a a b\n IFS='.' read -ra a <<< \"$1\"\n IFS='.' read -ra b <<< \"$2\"\n local i\n for i in \"${!b[@]}\"; do\n local av=${a[$i]:-0} bv=${b[$i]:-0}\n (( av > bv )) && return 0\n (( av < bv )) && return 1\n done\n return 0 # equal \u2192 true\n}\n\n# \u2500\u2500 \u7d50\u679c\u30d5\u30e9\u30b0 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nVULN_VERSION=0\nAFALG_REACHABLE=0\nAEAD_REACHABLE=0\nOVERALL=0 # 0=safe, 1=vulnerable, 2=needs-attention\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"1. \u57fa\u672c\u60c5\u5831\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\nKERNEL_FULL=$(uname -r)\nKERNEL_VER=$(echo \"$KERNEL_FULL\" | grep -oE '^[0-9]+\\.[0-9]+\\.[0-9]+')\nKERNEL_MAJOR=$(echo \"$KERNEL_VER\" | cut -d. -f1)\nKERNEL_MINOR=$(echo \"$KERNEL_VER\" | cut -d. -f2)\nKERNEL_PATCH=$(echo \"$KERNEL_VER\" | cut -d. -f3)\nARCH=$(uname -m)\n\ninfo \"\u30ab\u30fc\u30cd\u30eb\u30d0\u30fc\u30b8\u30e7\u30f3 : ${KERNEL_FULL}\"\ninfo \"\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3 : ${ARCH}\"\n\n# OS\u60c5\u5831\nif [[ -f /etc/os-release ]]; then\n . /etc/os-release\n info \"OS : ${PRETTY_NAME:-Unknown}\"\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"2. \u30ab\u30fc\u30cd\u30eb\u30d0\u30fc\u30b8\u30e7\u30f3\u30c1\u30a7\u30c3\u30af\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# Linux \u4ee5\u5916\u306f\u30b9\u30ad\u30c3\u30d7\nif [[ \"$(uname -s)\" != \"Linux\" ]]; then\n ok \"Linux \u3067\u306f\u3042\u308a\u307e\u305b\u3093 \u2014 CVE-2026-31431 \u306e\u5bfe\u8c61\u5916\u3067\u3059\u3002\"\n exit 0\nfi\n\n# \u30ab\u30fc\u30cd\u30eb\u304c 4.14 \u3088\u308a\u53e4\u3044\u5834\u5408\u306f\u30d0\u30b0\u81ea\u4f53\u304c\u672a\u5c0e\u5165\nif ! ver_ge \"$KERNEL_VER\" \"4.14.0\"; then\n ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 4.14 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30b3\u30fc\u30c9\u304c\u5b58\u5728\u3057\u307e\u305b\u3093 (\u5bfe\u8c61\u5916)\"\n OVERALL=0\n# 6.20 \u4ee5\u964d\u306f\u4fee\u6b63\u6e08\u307f\nelif ver_ge \"$KERNEL_VER\" \"6.20.0\"; then\n ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.20 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\"\n OVERALL=0\n# 6.19.x \u306e\u78ba\u8a8d\nelif [[ \"$KERNEL_MAJOR\" -eq 6 && \"$KERNEL_MINOR\" -eq 19 ]]; then\n if ver_ge \"$KERNEL_VER\" \"6.19.12\"; then\n ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.19.12 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u3067\u3059\"\n OVERALL=0\n else\n fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.19.12 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\uff01\"\n VULN_VERSION=1; OVERALL=1\n fi\n# 6.18.x \u306e\u78ba\u8a8d\nelif [[ \"$KERNEL_MAJOR\" -eq 6 && \"$KERNEL_MINOR\" -eq 18 ]]; then\n if ver_ge \"$KERNEL_VER\" \"6.18.22\"; then\n ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.18.22 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u3067\u3059\"\n OVERALL=0\n else\n fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.18.22 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\uff01\"\n VULN_VERSION=1; OVERALL=1\n fi\n# 4.14 \u301c 6.17.x \u306f\u3059\u3079\u3066\u8106\u5f31 (\u4fee\u6b63\u306f 6.18.22 / 6.19.12 \u7cfb\u306e\u307f)\nelse\n fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f\u8106\u5f31\u306a\u7bc4\u56f2 (4.14\u301c6.18.21) \u306b\u8a72\u5f53\u3057\u307e\u3059\uff01\"\n VULN_VERSION=1; OVERALL=1\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"3. algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u72b6\u614b\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# \u30ed\u30fc\u30c9\u6e08\u307f\u304b\u3069\u3046\u304b\nif lsmod 2>/dev/null | grep -q '^algif_aead'; then\n warn \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u73fe\u5728\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u3059\"\n AFALG_REACHABLE=1\n [[ \"$OVERALL\" -eq 0 ]] && OVERALL=2\nelse\n ok \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u73fe\u5728\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u305b\u3093\"\nfi\n\n# \u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u5b58\u5728\u3059\u308b\u304b (\u30ed\u30fc\u30c9\u53ef\u80fd\u304b)\nMODULE_PATH=$(find /lib/modules/\"$(uname -r)\" -name 'algif_aead.ko*' 2>/dev/null | head -1)\nif [[ -n \"$MODULE_PATH\" ]]; then\n info \"\u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u5b58\u5728: ${MODULE_PATH}\"\nelse\n ok \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 (\u30ab\u30fc\u30cd\u30eb\u306b\u7d44\u307f\u8fbc\u307f or \u524a\u9664\u6e08\u307f)\"\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"4. AF_ALG \u30bd\u30b1\u30c3\u30c8 / AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0 \u5230\u9054\u6027\u30c6\u30b9\u30c8\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n# PoC \u304c\u5fc5\u8981\u3068\u3059\u308b\u524d\u63d0\u6761\u4ef6\u3092\u300c\u66f8\u304d\u8fbc\u307f\u306a\u3057\u300d\u3067\u78ba\u8a8d\u3059\u308b\u5b89\u5168\u306a\u30c6\u30b9\u30c8\n# (\u5b9f\u969b\u306e\u30b9\u30d7\u30e9\u30a4\u30b9/\u66f8\u304d\u8fbc\u307f\u306f\u884c\u308f\u306a\u3044)\n\nif ! command -v python3 &>/dev/null; then\n warn \"python3 \u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 \u2014 AF_ALG \u5230\u9054\u6027\u30c6\u30b9\u30c8\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u307e\u3059\"\nelse\n info \"AF_ALG / AEAD \u5230\u9054\u6027\u3092 Python \u3067\u78ba\u8a8d\u4e2d...\"\n PYTHON_RESULT=$(python3 - <<'PYEOF' 2>&1; true\nimport socket, errno, sys\n\nPF_ALG = 38\nSOCK_SEQ = 5 # SOCK_SEQPACKET\nALG_SET_KEY = 1\nALG_SET_IV = 2\nALG_SET_OP = 3\n\n# \u2500\u2500 Step 1: AF_ALG \u30bd\u30b1\u30c3\u30c8\u4f5c\u6210 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ntry:\n s = socket.socket(PF_ALG, SOCK_SEQ, 0)\nexcept (OSError, AttributeError) as e:\n print(f\"AF_ALG_UNREACHABLE: {e}\")\n sys.exit(0)\n\nprint(\"AF_ALG_REACHABLE\")\n\n# \u2500\u2500 Step 2: authencesn(hmac(sha256),cbc(aes)) \u30d0\u30a4\u30f3\u30c9 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nimport struct\n\n# struct sockaddr_alg: sa_family(2), type(14), feat(4), mask(4), name(64), key(32)\nALG_TYPE = b\"aead\\x00\" + b\"\\x00\" * (14 - len(b\"aead\\x00\"))\nALG_NAME = b\"authencesn(hmac(sha256),cbc(aes))\\x00\"\nALG_NAME += b\"\\x00\" * (64 - len(ALG_NAME))\nsa = struct.pack(\"H\", PF_ALG) + ALG_TYPE + struct.pack(\"II\", 0, 0) + ALG_NAME + b\"\\x00\" * 32\n\ntry:\n s.bind(sa)\n print(\"AEAD_ALG_REACHABLE\")\nexcept OSError as e:\n if e.errno in (errno.ENOENT, errno.EAFNOSUPPORT, errno.EINVAL, errno.ENOBUFS):\n print(f\"AEAD_ALG_UNREACHABLE: {e}\")\n else:\n print(f\"AEAD_ALG_BIND_ERROR: {e}\")\nfinally:\n s.close()\nPYEOF\n)\n\n echo \"$PYTHON_RESULT\" | while IFS= read -r line; do\n case \"$line\" in\n AF_ALG_UNREACHABLE*)\n ok \"AF_ALG \u30bd\u30b1\u30c3\u30c8: \u5230\u9054\u4e0d\u53ef (${line#*: }) \u2192 \u653b\u6483\u6761\u4ef6\u3092\u6e80\u305f\u3057\u307e\u305b\u3093\"\n ;;\n AF_ALG_REACHABLE)\n warn \"AF_ALG \u30bd\u30b1\u30c3\u30c8: \u5230\u9054\u53ef\u80fd\"\n AFALG_REACHABLE=1\n ;;\n AEAD_ALG_REACHABLE)\n fail \"authencesn(hmac(sha256),cbc(aes)) \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u5229\u7528\u53ef\u80fd \u2192 \u60aa\u7528\u6761\u4ef6\u304c\u63c3\u3063\u3066\u3044\u307e\u3059\uff01\"\n AEAD_REACHABLE=1\n ;;\n AEAD_ALG_UNREACHABLE*)\n ok \"AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u5229\u7528\u4e0d\u53ef (${line#*: }) \u2192 \u60aa\u7528\u6761\u4ef6\u3092\u6e80\u305f\u3057\u307e\u305b\u3093\"\n ;;\n AEAD_ALG_BIND_ERROR*)\n warn \"AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u30d0\u30a4\u30f3\u30c9\u30a8\u30e9\u30fc (${line#*: })\"\n ;;\n esac\n done\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"5. \u30ab\u30fc\u30cd\u30eb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a (\u8efd\u6e1b\u7b56)\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# unprivileged user namespace (\u653b\u6483\u7d4c\u8def\u306e\u4e00\u3064)\nif [[ -r /proc/sys/kernel/unprivileged_userns_clone ]]; then\n val=$(cat /proc/sys/kernel/unprivileged_userns_clone)\n if [[ \"$val\" -eq 0 ]]; then\n ok \"unprivileged_userns_clone = 0 \u2192 \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u306f\u7121\u52b9\"\n else\n warn \"unprivileged_userns_clone = 1 \u2192 \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u304c\u6709\u52b9\u3067\u3059\"\n fi\nfi\n\nif [[ -r /proc/sys/user/max_user_namespaces ]]; then\n val=$(cat /proc/sys/user/max_user_namespaces)\n if [[ \"$val\" -eq 0 ]]; then\n ok \"max_user_namespaces = 0 \u2192 \u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u306f\u7121\u52b9\"\n else\n info \"max_user_namespaces = ${val}\"\n fi\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"6. \u7d50\u679c\u30b5\u30de\u30ea\u30fc\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\necho \"\"\necho -e \" \u30ab\u30fc\u30cd\u30eb : ${KERNEL_FULL}\"\necho -e \" \u8106\u5f31\u30d0\u30fc\u30b8\u30e7\u30f3 : $([ \"$VULN_VERSION\" -eq 1 ] && echo \"${RED}YES${RESET}\" || echo \"${GREEN}NO${RESET}\")\"\necho -e \" AF_ALG \u5230\u9054\u6027 : $([ \"$AFALG_REACHABLE\" -eq 1 ] && echo \"${YELLOW}\u5230\u9054\u53ef\u80fd${RESET}\" || echo \"${GREEN}\u5230\u9054\u4e0d\u53ef${RESET}\")\"\necho -e \" AEAD \u5229\u7528\u53ef\u5426 : $([ \"$AEAD_REACHABLE\" -eq 1 ] && echo \"${RED}\u5229\u7528\u53ef\u80fd${RESET}\" || echo \"${GREEN}\u5229\u7528\u4e0d\u53ef${RESET}\")\"\necho \"\"\n\nif [[ \"$VULN_VERSION\" -eq 1 && \"$AEAD_REACHABLE\" -eq 1 ]]; then\n echo -e \"${RED}${BOLD}\u26a0 \u7dcf\u5408\u5224\u5b9a: \u8106\u5f31 (CVE-2026-31431 \u306e\u653b\u6483\u6761\u4ef6\u304c\u63c3\u3063\u3066\u3044\u307e\u3059)${RESET}\"\n echo \"\"\n echo \" \u3010\u63a8\u5968\u5bfe\u5fdc\u3011\"\n echo \" 1. \u30ab\u30fc\u30cd\u30eb\u3092\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8:\"\n echo \" - 6.18.x\u7cfb \u2192 6.18.22 \u4ee5\u4e0a\"\n echo \" - 6.19.x\u7cfb \u2192 6.19.12 \u4ee5\u4e0a\"\n echo \" - \u30c7\u30a3\u30b9\u30c8\u30ed\u30d1\u30c3\u30b1\u30fc\u30b8\u4f8b:\"\n echo \" Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic\"\n echo \" RHEL: sudo dnf update kernel\"\n echo \" Amazon Linux: sudo yum update kernel\"\n echo \" 2. \u66ab\u5b9a\u63aa\u7f6e: algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u30d6\u30ed\u30c3\u30af\"\n echo \" echo 'install algif_aead /bin/false' | sudo tee /etc/modprobe.d/block-algif-aead.conf\"\n echo \" sudo update-initramfs -u # (Ubuntu/Debian)\"\n echo \" 3. \u518d\u8d77\u52d5\u5f8c\u306b\u672c\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u518d\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002\"\nelif [[ \"$VULN_VERSION\" -eq 1 ]]; then\n echo -e \"${YELLOW}${BOLD}\u25b3 \u7dcf\u5408\u5224\u5b9a: \u8981\u6ce8\u610f (\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u8106\u5f31\u3067\u3059\u304c AEAD \u306f\u73fe\u6642\u70b9\u3067\u306f\u5230\u9054\u4e0d\u53ef)${RESET}\"\n echo \" \u30ab\u30fc\u30cd\u30eb\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u63a8\u5968\u3057\u307e\u3059\u3002\"\nelse\n echo -e \"${GREEN}${BOLD}\u2714 \u7dcf\u5408\u5224\u5b9a: \u5bfe\u7b56\u6e08\u307f / \u5bfe\u8c61\u5916${RESET}\"\n echo \" \u3053\u306e\u30b7\u30b9\u30c6\u30e0\u306f CVE-2026-31431 \u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u305b\u3093\u3002\"\nfi\n\necho \"\"\necho \" \u53c2\u8003:\"\necho \" NVD : https://nvd.nist.gov/vuln/detail/CVE-2026-31431\"\necho \" Sysdig : https://www.sysdig.com/blog/cve-2026-31431-copy-fail-linux-kernel-flaw\"\necho \" PoC : https://github.com/theori-io/copy-fail-CVE-2026-31431 (Theori \u516c\u5f0f)\"\necho \"\"", "creation_timestamp": "2026-05-12T05:02:30.000000Z"}