CopyFail

https://copy.fail/

CVE-2026-31431 - If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.

Copy Fail requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives. The kernel crypto API (AF_ALG) ships enabled in essentially every mainstream distro's default config, so the entire 2017 → patch window is in play out of the box.

Disable algif_aead module

   1 sudo bash
   2 echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
   3 rmmod algif_aead

-  ⇤ ← Revision 3 as of 2026-05-03 21:32:39 → 
  Size: 676
  Editor: vitor
  Comment:
+   ← Revision 4 as of 2026-05-03 21:37:19 → ⇥
  Size: 693
  Editor: vitor
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 6:
-If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.
+CVE-2026-31431 - If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.