Copy Fail is a new local privilege escalation and container escape found by Xint Code.
The vulnerability affects kernels built between 2017 and 2026.
At the time of writing, Debian GNU/Linux does not have a patch ready for Copy Fail.
While we wait for a patch, the following configuration change will mitigate the security risk by blacklisting the affected kernel module:
Create a new file at /etc/modprobe.d/cve-2026-31431-mitigation.conf with the following lines:
blacklist algif_aead
install algif_aead /bin/false
Then run:
update-initramfs -u
Reboot the machine.
When the machine comes back up, verify that the exploit no longer works.
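One way to confirm after the reboot that the mitigation is in effect, as an added example that is not part of the original post. The function names and the modules.builtin check are assumptions of this example; a module compiled into the kernel is not affected by modprobe.d settings, so the script reports that case as a failure.

```shell
#!/bin/sh
# Added example: verify the algif_aead mitigation. File locations are
# parameters so the checks can also be run against test fixtures.
MODULE=algif_aead

# 0 if a *.conf file in dir $1 contains a line matching directive regex $2.
has_directive() {
    grep -Eqs "^[[:space:]]*$2[[:space:]]*$" "$1"/*.conf
}

# 0 if MODULE is listed in a /proc/modules-format file ($1).
is_loaded() { grep -qs "^$MODULE " "$1"; }

# 0 if MODULE is compiled into the kernel according to modules.builtin ($1).
is_builtin() { grep -qs "/$MODULE\.ko" "$1"; }

# Args (all optional): modprobe.d dir, loaded-modules file, modules.builtin file.
check_mitigation() {
    conf=${1:-/etc/modprobe.d}
    loaded=${2:-/proc/modules}
    builtin_list=${3:-/lib/modules/$(uname -r)/modules.builtin}
    rc=0
    if is_builtin "$builtin_list"; then
        echo "FAIL: $MODULE is built in; blacklisting has no effect"; rc=1
    fi
    if is_loaded "$loaded"; then
        echo "FAIL: $MODULE is currently loaded (reboot pending?)"; rc=1
    fi
    if ! has_directive "$conf" "blacklist[[:space:]]+$MODULE"; then
        echo "FAIL: no 'blacklist $MODULE' line in $conf"; rc=1
    fi
    if ! has_directive "$conf" "install[[:space:]]+$MODULE[[:space:]]+/bin/false"; then
        echo "FAIL: no 'install $MODULE /bin/false' line in $conf"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $MODULE is blocked and not loaded"
    return "$rc"
}

# Check the live system only when asked to: sh check.sh run
if [ "${1:-}" = "run" ]; then check_mitigation; fi
```

The script only inspects the directory it is given, so settings placed in other modprobe.d locations are not taken into account.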
If you have questions about how to apply this mitigation, are unsure whether you are affected, or have any other questions, our expert Linux consultants are ready to help. Contact us and talk to an expert today.