Home » Forum » Trisquel users
Submitted by Alexander_R on Thu, 04/30/2026 - 13:16

copy.fail

5 replies [Last post]
Thu, 04/30/2026 - 13:16
Alexander_R
Alexander_R
Offline
Joined: 04/30/2026

Hello,

As far as I can tell, the copy.fail (https://copy.fail/) vulnerability (CVE-2026-31431) is still not patched. I am running fully updated Trisquel 12 and the local exploit works.

I fully appreciate that this is not a critical issue for single-user laptop systems but it still can, at least in theory, lead to a remote root exploit if chained with another non-root remote execution vulnerability.

Am I missing something?

Thanks in advance,

Alexander

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Thu, 04/30/2026 - 21:02
#1
tonino
tonino
Offline
Joined: 03/13/2026

Known mitigation for Ubuntu:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/35#issuecomment-4353529712

General situation of the kernel patch:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/35#issuecomment-4353811173

Top
  • Login or register to post comments
  • +1
    -1
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Fri, 05/01/2026 - 04:32
#2
icarolongo
icarolongo
Offline
Joined: 03/26/2011

Everything is fine with the GNU Linux-libre 7.0.2. [1]

From CVE-2026-31431 [2][3]:

unaffected from 5.10.254
unaffected from 5.15.204
unaffected from 6.1.170
unaffected from 6.6.137
unaffected from 6.12.85
unaffected from 6.18.22
unaffected from 6.19.12
unaffected from 7.0

[1] https://www.fsfla.org/ikiwiki/selibre/linux-libre/freesh.en.html
[2] https://app.opencve.io/cve/CVE-2026-31431
[3] https://cveawg.mitre.org/api/cve/CVE-2026-31431

CVE-2026-31431-unaffected-trisquel-gnu-linux-libre-7.0.2.jpg
Top
  • Login or register to post comments
  • +1
    +1
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sat, 05/02/2026 - 11:03
#3
Ark74
Ark74

I am a member!

I am a translator!

Offline
Joined: 07/15/2009

Mitigations have landed from upstream, please keep your system up to date.

You can apply this small mitigation command for immediate action,

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null

Source: https://copy.fail/

Regards

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sun, 05/03/2026 - 03:37
#4
useresu
useresu
Offline
Joined: 04/18/2026 
$ sudo rmmod algif_aead
rmmod: ERROR: Module algif_aead is not currently loaded

Does this mean that the system not running algif_aead could not be exploited already?

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sun, 05/03/2026 - 03:43
#5
useresu
useresu
Offline
Joined: 04/18/2026

In: https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

[...] Theori said that it discovered the vulnerability after its researcher, Taeyang Lee, found surface area in the crypto subsystem (specifically, splice() hands page-cache pages and scatterlist page provenance) had been underexplored. [Cont.]

That is about standard methodology in researching vulnerabilities, isn't it?

[Cont.] Using its AI-powered Xint code security tool, the researchers then found the bug after about an hour of scan time. The company said it has also developed an exploit that uses CopyFail to break out of Kubernetes containers. [...]
Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines