Just for what it's worth, I just pushed an eBPF-based workaround for people who are running kernels in which AF_ALG is linked directly into the kernel and not as a module: https://github.com/Dabbleam/CVE-2026-31431-mitigation

I am running this in production right now and it mitigates the attack, with no unexpected side-effects as far as I can see.