CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
I have a mix of Debian and Ubuntu servers. I’ll update manually anyway but for future cases, would unattended-upgrades set to security upgrades run daily be enough to stop this type of issue?
This is a kernel bug, unattended-upgrades will take care of installing the new kernel once the fix is published, but you still have to reboot to load it. I’ve set up a cron job that runs needrestart nightly and reboots my servers if there is a pending kernel upgrade [1]
But by default the unattended-upgrades timer has a randomized trigger time (so that not all Debian machines in the world start hammering the mirrors at the same time). If you enable the auto reboot option in unattended-upgrades, your boxes will reboot at an unpredictable time. I prefer doing this at known times (middle of the night when I know nothing important is running/number of users is low).
I have a mix of Debian and Ubuntu servers. I’ll update manually anyway but for future cases, would unattended-upgrades set to security upgrades run daily be enough to stop this type of issue?
This is a kernel bug, unattended-upgrades will take care of installing the new kernel once the fix is published, but you still have to reboot to load it. I’ve set up a cron job that runs needrestart nightly and reboots my servers if there is a pending kernel upgrade [1]
Unattended-upgrades has a config option to auto reboot
True.
But by default the unattended-upgrades timer has a randomized trigger time (so that not all Debian machines in the world start hammering the mirrors at the same time). If you enable the auto reboot option in unattended-upgrades, your boxes will reboot at an unpredictable time. I prefer doing this at known times (middle of the night when I know nothing important is running/number of users is low).
You can set a time in the config file
Admittedly your cron job does the same thing but I like to have everything in one place