{"id":1436,"date":"2026-05-02T09:11:00","date_gmt":"2026-05-02T02:11:00","guid":{"rendered":"https:\/\/www.whplus.com\/blog\/2026\/05\/02\/copy-fail-cve-2026-31431-patches-released.html"},"modified":"2026-05-02T09:11:00","modified_gmt":"2026-05-02T02:11:00","slug":"copy-fail-cve-2026-31431-patches-released","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2026\/05\/02\/copy-fail-cve-2026-31431-patches-released.html","title":{"rendered":"Copy Fail (CVE-2026-31431) Patches Released"},"content":{"rendered":"<p>On April 29, the team at <a href=\"https:\/\/copy.fail\/\">Xint Code disclosed<\/a> a Linux kernel flaw they have named Copy Fail, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-31431\">CVE-2026-31431<\/a>. The bug lives in the kernel\u2019s crypto subsystem \u2014 a logic flaw in <em><strong>authencesn<\/strong> <\/em>chained through <em><strong>AF_ALG<\/strong><\/em> and <em><strong>splice()<\/strong><\/em> \u2014 and it lets any unprivileged local user escalate to root with a 732-byte exploit that the researchers report works unmodified across every mainstream distribution built since 2017. Every supported AlmaLinux release is affected.<\/p>\n<p>If you run AlmaLinux on a multi-tenant host, container build farm, CI runner, or any system where untrusted users can get a shell, this one matters.<\/p>\n<p>More information about the vulnerability:<\/p>\n<p><a href=\"https:\/\/copy.fail\/\">https:\/\/copy.fail\/<\/a><br \/><a href=\"https:\/\/xint.io\/blog\/copy-fail-linux-distributions\">https:\/\/xint.io\/blog\/copy-fail-linux-distributions<\/a><br \/><a href=\"https:\/\/github.com\/theori-io\/copy-fail-CVE-2026-31431\">https:\/\/github.com\/theori-io\/copy-fail-CVE-2026-31431<\/a><br \/><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-31431\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-31431<\/a><\/p>\n<p><strong>Update: Patched kernels are now in production<\/strong><\/p>\n<p>2026-05-01 21:07 UTC \u2014 The patched kernels are now rolling out to production repositories\/mirrors. You no longer need to enable the testing repo to get them. Just run:<\/p>\n<p><code><strong>sudo dnf clean metadata &amp;&amp; sudo dnf upgrade <\/strong><br \/><strong>sudo reboot<\/strong><\/code><\/p>\n<p>Most mirrors have a sync frequency of 3 hours. If the updates are not available to you yet we recommend trying again in about an hour.<\/p>\n<p>The testing-repo instructions further down in this post remain for reference but are no longer the recommended path.<\/p>\n<p>The kernels released to production repositories are bit for bit identical to those from testing. We\u2019d like to thank everyone who helped with testing &#8211; it was the best involvement we\u2019ve had for a community call for testing to date and contributed to the speed of getting these patches into production repositories!<\/p>\n<p>Errata is available for all three supported AlmaLinux versions: <br \/>8: <a href=\"https:\/\/errata.almalinux.org\/8\/ALSA-2026-A001.html\">https:\/\/errata.almalinux.org\/8\/ALSA-2026-A001.html <\/a><br \/>9: <a href=\"https:\/\/errata.almalinux.org\/9\/ALSA-2026-A002.html\">https:\/\/errata.almalinux.org\/9\/ALSA-2026-A002.html<\/a><br \/>10: <a href=\"https:\/\/errata.almalinux.org\/10\/ALSA-2026-A003.html\">https:\/\/errata.almalinux.org\/10\/ALSA-2026-A003.html<\/a><\/p>\n<p>Sumber:\u00a0<a href=\"https:\/\/almalinux.org\/blog\/2026-05-01-cve-2026-31431-copy-fail\/\">https:\/\/almalinux.org\/blog\/2026-05-01-cve-2026-31431-copy-fail\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On April 29, the team at Xint Code disclosed a Linux kernel flaw they have named Copy Fail, tracked as CVE-2026-31431. The bug lives in the kernel\u2019s crypto subsystem \u2014 a logic flaw in authencesn chained through AF_ALG and splice() \u2014 and it lets any unprivileged local user escalate to root with a 732-byte exploit\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.whplus.com\/blog\/2026\/05\/02\/copy-fail-cve-2026-31431-patches-released.html\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"registered_only","ping_status":"1","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1436","post","type-post","status-publish","format-standard","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/1436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=1436"}],"version-history":[{"count":0,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/1436\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=1436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=1436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=1436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}