On April 29, the team at Xint Code disclosed a Linux kernel flaw they have named Copy Fail, tracked as CVE-2026-31431. The bug lives in the kernel’s crypto subsystem — a logic flaw in authencesn chained through AF_ALG and splice() — and it lets any unprivileged local user escalate to root with a 732-byte exploit that the researchers report works unmodified across every mainstream distribution built since 2017. Every supported AlmaLinux release is affected.

If you run AlmaLinux on a multi-tenant host, container build farm, CI runner, or any system where untrusted users can get a shell, this one matters.

More information about the vulnerability:

https://copy.fail/
https://xint.io/blog/copy-fail-linux-distributions
https://github.com/theori-io/copy-fail-CVE-2026-31431
https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Update: Patched kernels are now in production

2026-05-01 21:07 UTC — The patched kernels are now rolling out to production repositories/mirrors. You no longer need to enable the testing repo to get them. Just run:

sudo dnf clean metadata && sudo dnf upgrade
sudo reboot

Most mirrors have a sync frequency of 3 hours. If the updates are not available to you yet we recommend trying again in about an hour.

The testing-repo instructions further down in this post remain for reference but are no longer the recommended path.

The kernels released to production repositories are bit for bit identical to those from testing. We’d like to thank everyone who helped with testing - it was the best involvement we’ve had for a community call for testing to date and contributed to the speed of getting these patches into production repositories!

Errata is available for all three supported AlmaLinux versions:
8: https://errata.almalinux.org/8/ALSA-2026-A001.html
9: https://errata.almalinux.org/9/ALSA-2026-A002.html
10: https://errata.almalinux.org/10/ALSA-2026-A003.html

Sumber: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/

Saturday, May 2, 2026

« Back

Powered by WHMCompleteSolution