Skip to content

Instantly share code, notes, and snippets.

@dmc5179

dmc5179/README.md

Created May 4, 2026 16:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dmc5179/701d2f649e64544e945a860a2ffca8ae to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dmc5179/701d2f649e64544e945a860a2ffca8ae to your computer and use it in GitHub Desktop.
Download ZIP
Process to mitigate CVE 2026-31431
Raw
README.md

Mitigation of CVE 2026-31431 for OpenShift

Create a butane configuration file for worker nodes

variant: openshift
version: 4.20.0
metadata:
  name: 99-worker-cve-2026-31431
  labels:
    machineconfiguration.openshift.io/role: worker
openshift:
  kernel_arguments:
    - initcall_blacklist=algif_aead_init

Create a butane configuration file for control plane nodes

variant: openshift
version: 4.20.0
metadata:
  name: 99-master-cve-2026-31431
  labels:
    machineconfiguration.openshift.io/role: master
openshift:
  kernel_arguments:
    - initcall_blacklist=algif_aead_init

Convert butane config to machine config

butane 99-master-cve-2026-31431.bu -o 99-master-cve-2026-31431.yaml
butane 99-worker-cve-2026-31431.bu -o 99-worker-cve-2026-31431.yaml

Apply machine configs to OpenShift

oc create -f 99-master-cve-2026-31431.yaml

oc create -f 99-worker-cve-2026-31431.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment