18 events
when what by license comment
1 hour ago answer added Cromefire_ timeline score: 2
8 hours ago comment added guiverc ubuntu.com//blog/copy-fail-vulnerability-fixes-available maybe worth a read, when you can get to it (of course; infrastructure issues being worked on)
8 hours ago comment added Daniel T @Paul I edited the question to mention the harm
8 hours ago history edited Daniel T CC BY-SA 4.0
added 48 characters in body
11 hours ago comment added Paul Might any harm come to anyone from linking to an exploit script?
18 hours ago history became hot network question
yesterday comment added Daniel T The specific PoC exploit appears to make /bin/su immediately run a shell. It uses setuid to work, so disabling that in fstab or setting NoNewPrivileges will stop the PoC. The PoC didn't escape my Docker container. However, their GitHub said the underlying vulnerability is page cache corruption and running the PoC poisons /bin/su until up to reboot, so the exploit can be modified to target /usr/lib/systemd/systemd-executor, and wait for a systemd.timer to trigger, and this won't be patched by nosuid
yesterday comment added Andrei Borzenkov @Rinzwind Yes, linux-hwe-6.8 package is in 22.04 release. The 24.04 has 6.8 as base kernel, not as HWE.
yesterday answer added janw timeline score: 14
yesterday comment added Daniel T Please post the algif_aead disablement as an answer
yesterday comment added Rinzwind @AndreiBorzenkov not acc. to ubuntu.com/security/CVE-2026-31431 for 6.8 only 22.04
yesterday comment added janw Update: We noticed that the Copy Fail website suggests disabling the algif_aead module (link). We have tested this and it prevents the exploit; we are now checking whether it breaks one of our applications.
yesterday comment added Andrei Borzenkov @guiverc Isn't it "linux 24.04 LTS noble Vulnerable"?
yesterday history edited janw CC BY-SA 4.0
added 176 characters in body
yesterday comment added janw We tested the PoC, and it worked on our system (which is fully patched). I've edited the question.
yesterday comment added guiverc I don't see the GA kernel of 24.04 (noble) mention in ubuntu.com/security/CVE-2026-31431 ; why do you think you're vulnerable?
S yesterday review First questions
S yesterday history asked janw CC BY-SA 4.0