While browsing idly today, I discovered the CVE-2026-31431 patch. After attempting to reproduce it, I confirmed it is indeed exploitable—scripts running under a low-privilege user can escalate to root. Not sure if openEuler has released a corresponding patch yet.
The community is working urgently on the fix, and a corresponding patch is expected to be released during the May Day holiday. For updates on the progress, please follow this issue: AtomGit | GitCode - The global developers' open-source community and open-source code hosting platform
Once the fix is complete, the community’s security advisory will also be updated accordingly. Thank you!
- openEuler-22.03-LTS-SP4 (5.10.0): Fixed normally
- openEuler-22.03-LTS-SP3 (5.10.0): Not fixed - out of the supported fix range
But mine is 2403.sp2. From what I see on the platform, these two versions refer to upgrading to SP3 or SP4, right? The corresponding kernel is as follows:
- openEuler-24.03-LTS-SP3 (6.6.0): Normal fixes applied
- openEuler-24.03-LTS-SP4 (6.6.0): Normal fixes applied
I have a question: why is SP2 of the LTS version excluded from the fix scope?
- openEuler-24.03-LTS-SP1 (6.6.0): Fixed normally
- openEuler-24.03-LTS-SP2 (6.6.0): Not fixed – out of the fix scope
- openEuler-24.03-LTS-SP3 (6.6.0): Fixed normally
- openEuler-24.03-LTS-SP4 (6.6.0): Fixed normally
