The kernel module is still marked as disabled: # cat /etc/modprobe.d/disable-algif_aead.conf # Disable algif_aead module due to CVE-2026-31431 (AKA copy.fail) # This will likely be re-enabled in a subsequent update once an updated # kernel has been deployed. # Blacklisting the module isn't sufficient, we need to do as below: install algif_aead /bin/false
These modules are required if you run ipsec. I removed 'disable-algif_aead.conf', rebooted, and tested the exploits. They didn't work anymore. Expected behavior seems that this workaround is removed again. # cat /etc/lsb-release && echo && uname -a DISTRIB_ID=Ubuntu DISTRIB_RELEASE=24.04 DISTRIB_CODENAME=noble DISTRIB_DESCRIPTION="Ubuntu 24.04.4 LTS" Linux ubuntu2404 6.8.0-124-generic #124-Ubuntu SMP PREEMPT_DYNAMIC Tue May 26 13:00:45 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2150686 Title: Copy-fail (CVE-2026-31431) still exploitable in Ubuntu24 linux- image-6.8.0-110-generic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2150686/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
