{"id":1436,"date":"2026-05-02T09:11:00","date_gmt":"2026-05-02T02:11:00","guid":{"rendered":"https:\/\/www.whplus.com\/blog\/2026\/05\/02\/copy-fail-cve-2026-31431-patches-released.html"},"modified":"2026-05-02T09:11:00","modified_gmt":"2026-05-02T02:11:00","slug":"copy-fail-cve-2026-31431-patches-released","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2026\/05\/02\/copy-fail-cve-2026-31431-patches-released.html","title":{"rendered":"Copy Fail (CVE-2026-31431) Patches Released"},"content":{"rendered":"

On April 29, the team at Xint Code disclosed<\/a> a Linux kernel flaw they have named Copy Fail, tracked as CVE-2026-31431<\/a>. The bug lives in the kernel\u2019s crypto subsystem \u2014 a logic flaw in authencesn<\/strong> <\/em>chained through AF_ALG<\/strong><\/em> and splice()<\/strong><\/em> \u2014 and it lets any unprivileged local user escalate to root with a 732-byte exploit that the researchers report works unmodified across every mainstream distribution built since 2017. Every supported AlmaLinux release is affected.<\/p>\n

If you run AlmaLinux on a multi-tenant host, container build farm, CI runner, or any system where untrusted users can get a shell, this one matters.<\/p>\n

More information about the vulnerability:<\/p>\n

https:\/\/copy.fail\/<\/a>
https:\/\/xint.io\/blog\/copy-fail-linux-distributions<\/a>
https:\/\/github.com\/theori-io\/copy-fail-CVE-2026-31431<\/a>
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-31431<\/a><\/p>\n

Update: Patched kernels are now in production<\/strong><\/p>\n

2026-05-01 21:07 UTC \u2014 The patched kernels are now rolling out to production repositories\/mirrors. You no longer need to enable the testing repo to get them. Just run:<\/p>\n

sudo dnf clean metadata && sudo dnf upgrade <\/strong>
sudo reboot<\/strong><\/code><\/p>\n

Most mirrors have a sync frequency of 3 hours. If the updates are not available to you yet we recommend trying again in about an hour.<\/p>\n

The testing-repo instructions further down in this post remain for reference but are no longer the recommended path.<\/p>\n

The kernels released to production repositories are bit for bit identical to those from testing. We\u2019d like to thank everyone who helped with testing – it was the best involvement we\u2019ve had for a community call for testing to date and contributed to the speed of getting these patches into production repositories!<\/p>\n

Errata is available for all three supported AlmaLinux versions:
8: https:\/\/errata.almalinux.org\/8\/ALSA-2026-A001.html <\/a>
9: https:\/\/errata.almalinux.org\/9\/ALSA-2026-A002.html<\/a>
10: https:\/\/errata.almalinux.org\/10\/ALSA-2026-A003.html<\/a><\/p>\n

Sumber:\u00a0https:\/\/almalinux.org\/blog\/2026-05-01-cve-2026-31431-copy-fail\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

On April 29, the team at Xint Code disclosed a Linux kernel flaw they have named Copy Fail, tracked as CVE-2026-31431. The bug lives in the kernel\u2019s crypto subsystem \u2014 a logic flaw in authencesn chained through AF_ALG and splice() \u2014 and it lets any unprivileged local user escalate to root with a 732-byte exploit\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"registered_only","ping_status":"1","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1436","post","type-post","status-publish","format-standard","hentry","category-news"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t