Login

u/james4765

▲ 49 r/openshift

After working through the mitigation in our RHEL hosts, I went ahead and put together the MachineConfiguration YAML necessary to disable the vulnerable driver:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-mitigate-cve-2026-31431-master
  labels:
    machineconfiguration.openshift.io/role: master
spec:
  config:
    ignition:
      version: 3.4.0
  kernelArguments:
    - initcall_blacklist=algif_aead_init
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-mitigate-cve-2026-31431-worker
  labels:
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 3.4.0
  kernelArguments:
    - initcall_blacklist=algif_aead_init
reddit.com
u/james4765 — 14 days ago