Critical Linux Security Vulnerability - CopyFail CVE-2026-31431

Mitigation Steps and Support

VENDOR ADVISORY: https://www.cve.org/CVERecord?id=CVE-2026-31431

ISO ADVISORY: View the most up‑to‑date ISO release 

PLATFORMS AFFECTED: Linux kernels distributed from 2017 through April 2026

SEVERITY: Urgent

IMPACT: Local privilege escalation with published proof-of-concept code

DETAILS:

On Wednesday, April 29, 2026, a zero-day Linux vulnerability known as CopyFail (CVE-2026-31431) was disclosed. This affects a wide range of Linux kernels distributed from 2017 through April 2026, and a public proof-of-concept exploit has been released.

What's Happening?

SCS Computing Facilities (SCSCF) is currently working in partnership with CMU Computing Services and the Information Security Office (ISO) to identify and prioritize system vulnerability mitigation while we await vendor resolution. 

Systems without CrowdStrike are being prioritized due to reduced visibility into potential exploitation. Systems with CrowdStrike may have additional monitoring coverage in the interim. If you are unsure whether your CMU-owned system has Crowdstrike intalled, contact us for more information.

What You Need to Do

Systems Enrolled in SCS Software Support

SCSCF is actively remediating supported systems and no action is required from users at this time. 

Current status:

• Clusters - Complete
• Project Servers - In progress
• Desktop Systems - In progress

Systems Not Enrolled in SCS Software Support

If you manage your own Linux systems, detailed steps to remediate this vulnerability are available on our website at: https://computing.cs.cmu.edu/desktop/linux-copyfail-vulnerability-remediation

Need Help?

If you have questions about your system’s support status or need assistance, please contact SCS Computing Facilities at 412‑268‑4231, submit a ticket, or email help@cs.cmu.edu.

We will continue to update this alert as more information becomes available.