Discuss
Curious if someone is working on the changes needed to fix https://copy.fail/ or is it just a case ‘waiting on debian to fix it’ kind of issue? (I assume it’s the latter, but figured it’d open a discussion thread just in case)
3 Likes
I wonder too. I suppose it’s prudent to follow the advice in the meantime?
For immediate mitigation, block AF_ALG socket creation via seccomp or blacklist the algif_aead module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null
We’re waiting for an upstream fix: CVE-2026-31431
The fix is now available, just update your system
3 Likes
Update AND reboot, it seems. Otherwise the affected kernel will keep running.