EIP-2026-120692

PRE-CVE

Linux Kernel 6.8 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-120692. PoCs published by Long Fong Chan.

AI-analyzed exploit summary This Rust exploit leverages a Linux kernel vulnerability (CVE-2026-31431) in AF_ALG (algif_aead) to perform arbitrary file overwrite in page cache via splice() and AEAD crypto interface, leading to local privilege escalation by overwriting /usr/bin/su with a custom shellcode payload.

Description

Linux Kernel 6.8 - Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Long Fong Chan · pythonlocallinux

https://www.exploit-db.com/exploits/52573

View Code ZIP pw:eip

This Rust exploit leverages a Linux kernel vulnerability (CVE-2026-31431) in AF_ALG (algif_aead) to perform arbitrary file overwrite in page cache via splice() and AEAD crypto interface, leading to local privilege escalation by overwriting /usr/bin/su with a custom shellcode payload.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux Kernel 5.4 - 6.8 (unpatched)

No auth needed

Prerequisites: Unprivileged local user access · algif_aead module loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed May 27, 2026 Full analysis →

Details

Status pre_cve

Tracked Since May 27, 2026