Jan Wildeboer 😷:krulorange:
@jwildeboer@social.wildeboer.net  ·  activity timestamp 3 days ago

Ah, the #copyfail clickbait posts are coming. Here’s my serious contribution. On your Linux machine add

initcall_blacklist=algif_aead_init

to your kernel boot command line (typically in grub). Reboot. You are now safe until the updated kernel packages become available. For distributions with the `grubby` command this is done as root with

# grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"

This mitigation comes courtesy of Red Hat. Our engineers keep you safe :)

1/4

Copyfail on Linux? Stay calm and read this.
Jan Wildeboer 😷:krulorange:
@jwildeboer@social.wildeboer.net  ·  activity timestamp 2 days ago

Here is @Larvitz's gist that gives you an Ansible playbook to deploy the mitigation on (big) fleets: https://burningboard.net/@Larvitz/116498775760655365

3/4

Jan Wildeboer 😷:krulorange:
@jwildeboer@social.wildeboer.net replied  ·  activity timestamp 2 days ago

The TL;DR of #CopyFail in my opinion: Due to an unusual (I personally think irresponsible) disclosure, we sysadmins are now dealing with having to push out an immediate mitigation until the updated kernel packages become available. I am trying to help in a pragmatic way. This too will pass, but it also shows that running Linux servers comes with responsibilities to protect your machines and users.

4/4

Larvitz :fedora:
@Larvitz@burningboard.net  ·  activity timestamp 3 days ago

Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.

It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.

https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md

#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail

Codeberg.org

gists/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md at main

gists - Just some gists in Markdown, I wanted to share
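
The check the posts above depend on, that the boot argument is present on the running kernel and on every installed boot entry, as an added shell example (not part of any post here or of the linked gist). The function names are hypothetical and the sample `grubby --info=ALL` output, including the kernel paths, is constructed.

```shell
#!/bin/sh
# Added example: verify the initcall_blacklist mitigation is in place.
INITCALL="algif_aead_init"

# Return 0 if the kernel command line in $1 blacklists $INITCALL.
# initcall_blacklist= takes a comma-separated list, so split it and
# match whole names only (algif_aead_init_old must not count).
cmdline_is_mitigated() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' \
        | sed -n 's/^initcall_blacklist=//p' | tr ',' '\n' \
        | grep -xF "$INITCALL" >/dev/null
}

# Read `grubby --info=ALL` output on stdin and print the kernel path of
# every boot entry whose args lack the blacklist. An old kernel left
# unmitigated is a risk if the host ever boots into it.
unmitigated_entries() {
    kernel=""
    while IFS= read -r line; do
        case "$line" in
            kernel=*) kernel=${line#kernel=}
                      kernel=${kernel#\"}; kernel=${kernel%\"} ;;
            args=*)   args=${line#args=}
                      args=${args#\"}; args=${args%\"}
                      cmdline_is_mitigated "$args" || printf '%s\n' "$kernel" ;;
        esac
    done
}

# Constructed sample: entry 0 is mitigated, entry 1 only looks similar.
SAMPLE_GRUBBY_INFO='index=0
kernel="/boot/vmlinuz-5.14.0-example.2"
args="ro quiet initcall_blacklist=foo_init,algif_aead_init"
index=1
kernel="/boot/vmlinuz-5.14.0-example.1"
args="ro quiet initcall_blacklist=algif_aead_init_old"'

printf 'boot entries still missing the mitigation:\n'
printf '%s\n' "$SAMPLE_GRUBBY_INFO" | unmitigated_entries

# On a live host (as root for grubby):
#   cmdline_is_mitigated "$(cat /proc/cmdline)" && echo "running kernel OK"
#   grubby --info=ALL | unmitigated_entries
```

The running-kernel check only passes after the reboot, because `/proc/cmdline` reflects the arguments the current kernel was booted with, not what the bootloader configuration now contains.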
Aral Balkan
@aral@mastodon.ar.al  ·  activity timestamp 4 days ago

RE: https://infosec.exchange/@patrickcmiller/116497719012673276

“The realistic threat chain looks like this. An attacker exploits a known WordPress plugin vulnerability and gets shell access as www-data. They run the copy.fail PoC. They are now root on the host. Every other tenant is suddenly reachable, in the way I walked through in this hack post-mortem. The vulnerability does not get the attacker onto the box; it changes what happens in the next ten seconds after they land there.”

#CopyFail #linux #exploit
