This is a short PSA (Public Service Announcement) on how I dealt with the Copy Fail vulnerability. This will be updated as soon as the updated kernel packages are made available. This is a pragmatic post on how to deploy a mitigiation RIGHT NOW. Do this until the kernel updates are published On your Linux machine add initcall_blacklist=algif_aead__init to your kernel boot commandline (typically in grub). Reboot. You are now safe until the updated kernel packages become available. For distributions with the grubby command this is done as root with # grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init" This mitigation comes courtesy of Red Hat. Our engineers keep you safe :) Some more details from our CVE page on CVE-2026-31431 at https://access.redhat.com/security/cve/cve-2026-31431 Mitigation Though the affected module cannot be blacklisted, the affected functions themselves can be using the following boot arguments: initcall_blacklist=algif_aead_init Please see…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.