Copy Fail (CVE-2026-31431): Patching kernels without rebooting
Most kernel CVEs follow a predictable rhythm for hosting providers: read the advisory, schedule a maintenance window, reboot during off-peak. Copy Fail (CVE-2026-31431) breaks that rhythm. It's a deterministic vulnerability, universal across Linux distributions, and it lets a single compromised account on a shared host escalate to root, with control over every other account on the same node. CISA added it to the actively-exploited list with a May 15 federal patch deadline. That is a severe combination for shared hosting: high impact on multi-tenant servers, and a fix that requires a reboot on every box.
CVE-2026-31431 (Copy Fail): Kernel Update on CloudLinux
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation vulnerability in the algif_aead module (AF_ALG). Any unprivileged local user can gain root via a 732-byte Python exploit. All kernels since 2017 are affected.
CVE-2026-31431 (Copy Fail): Mitigation and Upcoming Patches for CloudLinux
Update on 2026-05-01
A follow-up advisory with full update instructions has been published here.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation in the algif_aead module (AF_ALG). Any unprivileged local user can gain root via a 732-byte Python exploit. All Linux kernels since 2017 are affected.
Explore Extended Lifecycle support for CentOS®6 in detail with LearnLinux TV






