GitHub Issue
Tested with Talos (v1.12.5, k8s v1.35.2) [only LPE inside the container, no container escape] - works
**Note:** this is tested as only an LPE *inside* a container, not a host container escape! More details in the comments below.
Works with a standard implementation.
```
Linux cli-8488fc8f77-td5xv 6.18.15-talos #1 SMP Fri Mar 6 11:34:33 UTC 2026 x86_64 GNU/Linux
```
Does not work with `allowPrivilegeEscalation: false`.
rothgar • Apr 29, 2026
How did you test this on Talos? The `algif_aead` module isn't loaded by default and there's no shell on the host to exec into. I can run a privileged container but then I'm already root and the exploit doesn't matter.
aJuvan • Apr 29, 2026
Probably should have added more context. tldr: I tested it inside a normal container just to see if the underlying kernel is already patched.
Long story: I have some specific workloads where a large number of people are meant to have access to containers. That said I have very strict policies and enforcements in place, so no one even gets root on the container which (in my case) could be problematic and I can't just wave it off as "doesn't matter". So when I saw the CVE I had to check and patch the cluster since I do not trust my users enough :D Then, just to do my due diligence, I posted here in case someone might have a similar case as me.
Looking into `algif_aead` it does seem to me like it's loaded (or rather built into the kernel). I checked with `talosctl -n read /proc/config.gz | gzip -dc | grep -i aead` and got back:
```
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_USER_API_AEAD=y
```
> Granted I only checked this now that you mentioned it after upgrade, not ...
rothgar • Apr 30, 2026
I appreciate you testing and posting. I don't understand the exploit requirement enough but I was looking at the remediation steps and saw you need to remove that module. When I checked if the module was loaded I didn't see it.
```
talosctl get loadedkernelmodules
NODE NAMESPACE TYPE ID VERSION STATE
3d runtime LoadedKernelModule ahci 9 Live
3d runtime LoadedKernelModule intel_rapl_common 2 Live
3d runtime LoadedKernelModule intel_rapl_msr 2 Live
3d runtime LoadedKernelModule k10temp 1 Live
3d runtime LoadedKernelModule libahci 1 Live
3d runtime LoadedKernelModule nvme 3 Live
3d runtime LoadedKernelModule r8169 2 Live
3d runtime LoadedKernelModule sp5100_tco 1 Live
3d runtime LoadedKernelModule vfio ...
```
rumpli • Apr 30, 2026
Although the config references:
```
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_USER_API_AEAD=y
```
I can't find the kernel module itself:
```
find /hostfs/lib/modules/6* | grep algif_aead
```
Neither in 6.12.57-talos (v1.11.5), 6.18.9-talos (v1.12.4), 6.18.18-talos (v1.12.6) nor in 6.18.24-talos (v1.12.7).
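The checks in the comments above disagree because a config symbol set to `=y` is compiled into the kernel image, while only `=m` code shows up as a `.ko` file or in a loaded-module list. As an added example (not from any poster in the thread), this script classifies a config symbol and checks a `modules.builtin` list; the function names and sample inputs are constructed, and whether a given Talos image ships `modules.builtin` is not stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# kconfig_state SYMBOL < kernel-config-text
# Prints: builtin (=y), module (=m) or unset (absent or "is not set").
kconfig_state() {
    awk -v sym="$1" '
        $0 == (sym "=y")               { state = "builtin" }
        $0 == (sym "=m")               { state = "module" }
        $0 == ("# " sym " is not set") { state = "unset" }
        END { print (state == "" ? "unset" : state) }
    '
}

# builtin_listed NAME < modules.builtin-text
# Succeeds when NAME.ko is listed as compiled into the kernel image.
builtin_listed() {
    grep -Eq "(^|/)$1\.ko\$"
}

# What each state implies for the two checks used in the thread.
explain_state() {
    case $1 in
        builtin) echo "in the kernel image: no .ko on disk, never in the loaded-module list, rmmod/modprobe blacklist do not apply" ;;
        module)  echo "loadable: .ko on disk, listed only while loaded" ;;
        *)       echo "not compiled in: interface unavailable" ;;
    esac
}

# Constructed sample input: the three lines quoted in the thread plus two
# made-up symbols that exercise the other states.
SAMPLE_CONFIG='CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_USER_API_AEAD=y
CONFIG_EXAMPLE_AS_MODULE=m
# CONFIG_EXAMPLE_OFF is not set'

# Constructed modules.builtin excerpt (one path per line, kmod format).
SAMPLE_BUILTIN='kernel/crypto/aead.ko
kernel/crypto/algif_aead.ko'

for sym in CONFIG_CRYPTO_USER_API_AEAD CONFIG_EXAMPLE_AS_MODULE CONFIG_EXAMPLE_OFF; do
    state=$(printf '%s\n' "$SAMPLE_CONFIG" | kconfig_state "$sym")
    printf '%s: %s (%s)\n' "$sym" "$state" "$(explain_state "$state")"
done
printf '%s\n' "$SAMPLE_BUILTIN" | builtin_listed algif_aead && echo "algif_aead is listed as built-in"
```

On a real node, feed `kconfig_state` the decompressed `/proc/config.gz` output instead of the sample text.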
(Opened a separate issue #22 for completion)