CVE-2026-31431: Linux kernel vulnerability

Came across this this morning: CVE-2026-31431. Any unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.

Probably pretty low-priority for anyone just running Linux workstations at home, but thought I’d share for general awareness. Anyone running multi-tenant Linux hosts, Kubernetes / container clusters, etc., should likely update 🙂

9 Likes

It worries me that the kernel team are able to make the kernel so complicated that such a thing could occur without being anticipated.

When I was taught to program, it was stressed that you should understand every aspect of what your algorithm is going to do, before you even code it.

I think this sort of thing comes from accepting piecemeal modifications into code, without thinking through their global consequences.

5 Likes

Beat me to it. Thanks.

The longer I’ve been on Linux, the more I understand the concerns raised by BSD users and why they inconvenienced themselves to migrate to those systems.

3 Likes

I suppose you mean that BSD is centrally managed and therefore has some global oversight of code.

2 Likes

An interesting video about this

This Exploits LITERALLY Every Linux Distro

3 Likes

For anyone interested, I read this on ZDNet this morning.

"To find out if your kernel has been patched against Copy Fail, issue the following command:

dpkg -l kmod

grep -qE '^algif_aead ' /proc/modules && echo "Affected module is loaded" || echo "Affected module is NOT loaded"

If your kernel has been patched, you’ll see “Affected module is NOT loaded.” If your kernel has not been patched, you’ll see “Affected module is loaded.”"

My MX OS is running with kernel 6.12 and I received the message not loaded.

4 Likes
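As an added example (not from the thread or the quoted article): `/proc/modules` lists only the modules loaded at this moment, so an inventory check across hosts may also want to record whether `algif_aead` is built into the kernel or installed on disk and loadable on demand. The function names and state labels below are this example's own; `modules.builtin` and `modules.dep` are the standard kmod index files under `/lib/modules/<release>`.

```shell
#!/bin/sh
# Added example: report the state of a kernel module for inventory purposes.
# Usage: module_state NAME [PROC_MODULES_FILE] [MODULE_DIR]
# Prints one of: loaded | builtin | on-disk | absent

# Return 0 if a kmod index file (modules.builtin or modules.dep) names the module.
_has_module_file() {
    [ -r "$2" ] || return 1
    awk -v m="$1" '
        {
            path = $1; sub(/:$/, "", path)          # modules.dep lines are "path: deps"
            n = split(path, parts, "/"); base = parts[n]
            sub(/\.ko(\.(gz|xz|zst))?$/, "", base)  # strip .ko and compression suffix
            gsub(/-/, "_", base)                    # file names may use "-", module names "_"
            if (base == m) found = 1
        }
        END { exit !found }' "$2"
}

module_state() {
    name=$(printf '%s' "$1" | tr '-' '_')
    proc_modules=${2:-/proc/modules}
    module_dir=${3:-/lib/modules/$(uname -r)}

    # 1. Loaded right now: the first field of /proc/modules is the module name.
    if awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' \
        "$proc_modules" 2>/dev/null; then
        echo loaded; return 0
    fi
    # 2. Compiled into the kernel image: never appears in /proc/modules.
    if _has_module_file "$name" "$module_dir/modules.builtin"; then
        echo builtin; return 0
    fi
    # 3. Installed as a loadable module: not loaded now, but can be loaded later.
    if _has_module_file "$name" "$module_dir/modules.dep"; then
        echo on-disk; return 0
    fi
    echo absent
}

# Check the running system for the module named in the thread.
module_state "${1:-algif_aead}"
```

Whether a given kernel build carries the fix is a separate question that this check does not answer; that comes from the distribution's advisory for the installed kernel package.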

Sorry for the delay.

I was mostly referring to the sheer number of kernel vulnerabilities found in Linux vs OpenBSD (only 2 remotely executable in 25 years). There was a lecture on Odysee that went into substantial detail comparing the security of one or more of the BSDs (I believe FreeBSD, OpenBSD, and maybe NetBSD) to Linux, but I can’t find it for the life of me. While the disparity in popularity likely skews those numbers some, I imagine the centralized nature of the BSDs is a large factor in the improved security.

1 Like

I remember having read somewhere that the OpenBSD people continuously audit the entire OS.

2 Likes

I think you are correct there. They are less open to insertion of malicious code in the kernel or utilities. I don’t know about the apps … they are ported like in Gentoo and are kept separate from the OS. There are binaries of some common apps.

2 Likes