The Update Conundrum
the.unknown-universe.co.uk
How a “kept back” Proxmox kernel left my home lab exposed to CVE‑2026‑31431 — why I now check upgradable packages and use apt full‑upgrade.

cross-posted from: https://lemmy.ml/post/46701277

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • endlesseden@pyfedi.deep-rose.orgEnglish
    2·
    10 hours ago

    I honestly don’t know what your talking about. proxmox updated the pve kernels immediately after this CVE was published…

    additionally, this CVE only applies to older (pre-6.17 kernels). unless you are on proxmox 8 or earlier, you are already running a “patched” kernel as the pathway necessary for this was changed and in kernel 7.x and above this CVE doesnt work…