A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431, also know as "Copy Fail".
The vulnerable component is a kernel module that provides cryptographic functions name algif_aead. It lets any unprivileged local user gain elevated access by exploiting improper memory handling. It becomes critical when combined with initial access methods like SSH, CI jobs, or container footholds.
Impacted Systems
The vulnerability affects virtually all Linux distributions running kernels released from 2017, Linux distributions such as and not limited to Almalinux, RHEL, Ubuntu and more.
Mitigation
If your Linux distribution has not yet released a patch, you can mitigate the issue by disabling algif_aead in the kernel and rebooting your system.
Ubuntu-
echo "install algif_aead /bin/true" > /etc/modprobe.d/cve-2026-31431.conf
reboot
CloudLinux 9 and 10, Almalinux-
grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
reboot
Fix
Certain operating systems have released patches to update the kernel and fix this issue. Please check the guidelines on the respective OS websites listed below. All customers are advised to verify and update their system kernel to a patched version as soon as possible.
AlmaLinux-
https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
Ubuntu-
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
Yeahhost Server Team
vendredi, mai 1, 2026