Copy Fail – CVE-2026-31431
(copy.fail)
from cyrano@piefed.social to selfhosted@lemmy.world on 30 Apr 21:28
https://piefed.social/c/selfhosted/p/2026153/copy-fail-cve-2026-31431
cross-posted from: lemmy.bestiver.se/post/1076650
Tested on Ubuntu 24.04. Security patching from Ubuntu does fix it. Scary vulnerability.
It looks like the fix is just disabling the algif_aead kernel module. That prevented the proof of concept script from working on everything I tested it on. Hopefully they will get some kernel updates out soon.
They have shipped out an update mitigation for the issue. ubuntu.com/…/copy-fail-vulnerability-fixes-availa…
sudo apt update && sudo apt upgrade
and after that, also do the steps listed on that page for running rmmod and grepping for the affected module unloaded
Do the sysctl fix and you’re fine to wait for a patch.
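A way to verify the state the comments above describe (algif_aead unloaded and kept from loading again), as an added example that is not part of the thread or of Ubuntu's page. The function names, the `install ... /bin/false` rule and the paths passed in are assumptions, not taken from the linked advisory.

```shell
#!/bin/sh
# Added example: report whether a kernel module is loaded, and if it is not,
# whether a modprobe.d rule stops it from being loaded again.
# File and directory paths are parameters so the checks can run offline.

# True if MODULE is listed in a /proc/modules-format file (name is field 1).
module_loaded() {
    awk -v m="$1" 'BEGIN { gsub(/-/, "_", m) }
        $1 == m { found = 1 }
        END { exit !found }' "$2"
}

# True if DIR holds an "install MODULE /bin/false" (or /bin/true) rule.
# A plain "blacklist" line is not counted: per modprobe.d(5) it only makes
# modprobe ignore the module's aliases, so loading it by name still works.
module_blocked() {
    [ -d "$2" ] || return 1
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        # modprobe treats "-" and "_" in module names as the same character.
        awk -v m="$1" 'BEGIN { gsub(/-/, "_", m) }
            { n = $2; gsub(/-/, "_", n) }
            $1 == "install" && n == m && $3 ~ /^\/bin\/(false|true)$/ { ok = 1 }
            END { exit !ok }' "$f" && return 0
    done
    return 1
}

# Prints one of: loaded | unloaded-blocked | unloaded-can-reload
# "loaded" wins even if a rule exists, since the rule does not unload it.
module_status() {
    if module_loaded "$1" "$2"; then
        echo "loaded"
    elif module_blocked "$1" "$3"; then
        echo "unloaded-blocked"
    else
        echo "unloaded-can-reload"
    fi
}

# Check the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    module_status algif_aead /proc/modules /etc/modprobe.d
fi
```

A result of `unloaded-can-reload` means rmmod worked for now but nothing prevents the module from coming back before a patched kernel is running.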