What Is Copy Fail (CVE-2026-31431) and How to Protect a Linux VPS
Linux Vulnerability Recommendations
1. What Happened
On April 29, 2026, a critical Linux zero-day vulnerability called Copy Fail — CVE-2026-31431 — was published.
The issue is related to the algif_aead kernel module and may allow local privilege escalation to root access.
In simple terms, a user or process that already has local access to the system could potentially gain full control over the server.
2. Which Systems May Be Vulnerable
The issue affects several Linux distributions, including:
- Ubuntu
- Debian
- AlmaLinux
- Rocky Linux
- CentOS Stream
- Fedora
- openSUSE
Kernel updates have already been released for most popular systems.
3. What Is Recommended
There are two main protection options.
Option 1 — Update the System (Recommended)
Install the latest kernel updates and reboot the server.
For Ubuntu / Debian
apt update
apt upgrade -y
reboot
For AlmaLinux / Rocky / CentOS
dnf update -y
reboot
Option 2 — Temporarily Disable the algif_aead Module
If you cannot update the server immediately:
modprobe -r algif_aead
To block automatic loading:
echo "blacklist algif_aead" >> /etc/modprobe.d/blacklist.conf
After this, it is recommended to reboot the server.
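To confirm that Option 2 actually took effect, the script below (an added example, not part of the original advisory) checks whether the module is still loaded and which modprobe rule covers it. Per modprobe.d(5), a `blacklist` line only makes modprobe ignore the module's aliases, while an `install <module> /bin/false` line also stops a load by name, so the script reports the two separately. The function names and the fixture-friendly path parameters are this example's own.

```shell
#!/bin/sh
# Added example: audit the temporary mitigation for a kernel module.
# File locations are parameters so the checks can run against fixtures.

# module_loaded NAME [PROC_MODULES_FILE]
# Exit status 0 if NAME is in the first column of /proc/modules.
# Note: a driver built into the kernel never appears in /proc/modules.
module_loaded() {
    awk -v m="$(printf '%s' "$1" | tr '-' '_')" \
        '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# module_block_state NAME [CONF_DIR ...]
# Prints the strongest rule found in modprobe.d-style *.conf files:
#   install-blocked  install NAME /bin/false (or /bin/true)
#   blacklisted      blacklist NAME (aliases ignored only)
#   none             no rule for NAME
module_block_state() {
    mbs_name=$(printf '%s' "$1" | tr '-' '_'); shift
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /lib/modprobe.d /usr/lib/modprobe.d
    for mbs_dir in "$@"; do
        cat "$mbs_dir"/*.conf 2>/dev/null || true
    done | awk -v m="$mbs_name" '
        $1 ~ /^#/ { next }                   # comment line
        NF >= 2   { gsub(/-/, "_", $2) }     # modprobe treats - and _ alike
        $1 == "install" && $2 == m && $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && $2 == m { bl = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklisted" : "none")) }'
}

# Report for the module named on this page, on the live system.
if module_loaded algif_aead 2>/dev/null; then
    echo "algif_aead: LOADED"
else
    echo "algif_aead: not loaded"
fi
echo "modprobe rule: $(module_block_state algif_aead)"
```

A result of "not loaded" together with "install-blocked" means the module is both absent now and cannot be pulled back in by modprobe; "blacklisted" alone leaves loading by name possible.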
4. How to Check the Kernel Version
uname -r
5. How to Properly Update a VPS
Before updating, it is recommended to:
- create a backup
- check available disk space
- make sure SSH access is available
Step-by-Step Update (Ubuntu / Debian)
Update the package list
apt update
Install updates
apt upgrade -y
Update the kernel and system packages
apt full-upgrade -y
Reboot
reboot
6. Verification After the Update
After reboot:
uname -r
Also check:
- whether websites are working
- whether services are starting correctly
- nginx/apache/mysql/docker status