tetragon/example: Add a blocking policy to mitigate CVE-2026-31431

[alcastronic]

Adding a policy that mitigates the exploitation of CVE-2026-31431. This is done by blocking the creation of the AF_ALG socket. The policy overrides the syscall sys_socket with -1 when AF_ALG is passed as the communication domain.

Description

This adds an example policy that mitigates the exploitation of the privilege escalation bug CVE-2026-31431.

The exploit requires the creation of a socket with the communication domain AF_ALG to copy bytes.
According to the team who discovered the vulnerability, the communication domain is not widely used.
Mitigations published by distributions, e.g., RHEL, recommend disabling the kernel module for algif_aead entirely by blocklisting it in GRUB, which requires a reboot.

Adding this policy allows users of Tetragon to directly prevent the exploitation of this CVE.
By setting the policy to monitor mode, it is possible to detect exploitation attempts on patched systems.

Coverage

This policy works on different versions of the exploit that may use several vectors, including patching /usr/bin/su in memory or overwriting /etc/passwd.

Xint Code Team

• Test against the original version released by Xint Code team https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py

$ python3 copy-fail.py 
Traceback (most recent call last):
  File "/home/host/copy-fail.py", line 9, in <module>
    while i<len(e):c(f,i,e[i:i+4]);i+=4
                   ^^^^^^^^^^^^^^^
  File "/home/host/copy-fail.py", line 5, in c
    a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
      ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/socket.py", line 233, in __init__
    _socket.socket.__init__(self, family, type, proto, fileno)
PermissionError: [Errno 1] Operation not permitted

Tetragon output

🚀 process host /usr/bin/python3 copy-fail.py                  
❓ syscall host /usr/bin/python3 __x64_sys_socket                        
💥 exit    host /usr/bin/python3 copy-fail.py 1  

C version

• Test against the C version: https://gist.github.com/blasty/d7b5d0599b154c9ec83c182acbd56e8b

 ./goodcopy. 
[i] target: /usr/bin/su
[&] corrupting page cache (228 bytes)...
[...SNIP...]
socket: Operation not permitted
[#] bl1ng bl1ng?!
Password:  

Tetragon output

🚀 process host /home/host/goodcopy                           
[...SNIP...]    
❓ syscall host /home/host/goodcopy __x64_sys_socket                    
🚀 process host /bin/sh -c -- /usr/bin/su                      
🚀 process host /usr/bin/su                     🛑 CAP_SYS_ADMIN
💥 exit    host /usr/bin/su  SIGINT    🛑 CAP_SYS_ADMIN
💥 exit    host /bin/sh -c -- /usr/bin/su SIGINT      
💥 exit    host /home/host/goodcopy  0               

Arbitrary patches

• Exploit allowing it to overwrite /etc/passwd or patch arbitrary binaries https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

$ python3 advanced-exploit.py escalate
[*] Copyright (c) 2026, Sndav
[*] This exploit is for educational purposes only.
[*] CVE-2026-31431 — Copy Fail
[*] Mode: remove root password via /etc/passwd

[*] Backup: /tmp/.passwd.bak
[*] Before : root:x:0:0:root:/root:/bin/bash
[*] After  : root::0:0:root :/root:/bin/bash
[*] Offset : 0

    [0x000000]  726f6f74  root
Traceback (most recent call last):
  File "/home/host/advanced-exploit.py", line 408, in <module>
    main()
  File "/home/host/advanced-exploit.py", line 321, in main
    cmd_escalate()
  File "/home/host/advanced-exploit.py", line 398, in cmd_escalate
    if not escalate_passwd():
           ^^^^^^^^^^^^^^^^^
  File "/home/host/advanced-exploit.py", line 292, in escalate_passwd
    _write_4bytes(w._fd, file_off, chunk)
  File "/home/host/advanced-exploit.py", line 121, in _write_4bytes
    alg = socket.socket(AF_ALG, SOCK_SEQPACKET, 0)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/socket.py", line 233, in __init__
    _socket.socket.__init__(self, family, type, proto, fileno)
PermissionError: [Errno 1] Operation not permitted

Tetragon output

🚀 process host  /usr/bin/python3 advanced-exploit.py escalate  
❓ syscall host  /usr/bin/python3 __x64_sys_socket                        
💥 exit    host /usr/bin/python3 advanced-exploit.py escalate 1 

[alcastronic]

/label release-note/misc

[alcastronic]

Hi maintainers, could you please add the release-note/misc label to this PR? I don’t have permission to apply labels. Thanks!

[kkourt]

Thanks for the PR!

I don't have any specific objections to the policy itself (from a cursory look it seems reasonable to me), but I'm not sure if we want to have CVE mitigations as examples in the Tetragon repository.

My concern is that CVE mitigation policies are very difficult to get right, and adding a CVE mitigation as an example sets certain expectations that are challenging to be met by the Tetragon project. IMO, this content seems better suited for a blog post or, even, a different repository.

[alcastronic]

Thanks for your feedback!

A blogpost on CVE mitigations using Tetragon would allow to also detail on challenges in such policies in general. Which is an interesting topic that will stay important. As observed with this CVE patches have not been immediately available and mitigating a CVE with Tetragon has immediate effect. So I agree with you, a blogpost would provide better value.

Regarding the addition of CVE mitigation policies. There are two of those in ˋexamples/tracingpolicy/cvesˋ.
And it appears there was a discussion some time ago, in issue #1947
So I propose the discussion to add CVE mitigations should also take place in that issue.

To understand your concerns here a bit better, do you think it would make sense to rather add a monitoring policy instead of an enforce policy? That is, implications such as unhandled errors in software that uses e.g. ˋAF_ALGˋ are not as drastic.

Id be fine with either way, merging this PR, changing the policy to monitor mode or closing the PR.