Skip to main content
Ask Ubuntu

Return to Answer

Post Timeline

Typo
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3

While the website may be down, the security email list continues to work apparently and they have emaiedemailed about a mitigation there onin an email from 30.04.2026 18:06 CET.

While the website may be down, the security email list continues to work apparently and they have emaied about a mitigation there on 30.04.2026 18:06 CET.

While the website may be down, the security email list continues to work apparently and they have emailed about a mitigation there in an email from 30.04.2026 18:06 CET.

Don't mark package as manually installed
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3
sudo apt update && sudo apt install --only-upgrade kmod
sudo rmmod algif_aead

sudo apt update && sudo apt install kmod
sudo rmmod algif_aead

sudo apt update && sudo apt install --only-upgrade kmod
sudo rmmod algif_aead
Verified mitigation and when it is in effect
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3
~$ sudo apt update && sudo apt upgradeinstall kmod
sudo rmmod algif_aead

I've not been able to verify what happensThe mitigation works effectively and without a reboot or before installing(given that update yet, but after installation the exploit no longer works on my test servermodule wasn't loaded at all or rmmod was used like suggested above), though a reboot is probably recommended:

wget https://github.com/theori-io/copy-fail-CVE-2026-31431/raw/main/copy_fail_exp.py -O /tmp/copy_fail_exp.py
python3 /tmp/copy_fail_exp.py

Result:

~$ python3 copy_fail_exp.py                         
Traceback (most recent call last):                                             
  File "/tmp/copy_fail_exp.py", line 9, in <module>                            
    while i<len(e):c(f,i,e[i:i+4]);i+=4                                        
                   ^^^^^^^^^^^^^^^                                             
  File "/tmp/copy_fail_exp.py", line 5, in c                                   
    a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
,o)                                                                            
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^    
FileNotFoundError: [Errno 2] No such file or directory

~$ sudo apt update && sudo apt upgrade kmod

I've not been able to verify what happens without a reboot or before installing that update yet, but after installation the exploit no longer works on my test server:

~$ python3 copy_fail_exp.py                         
Traceback (most recent call last):                                             
  File "/tmp/copy_fail_exp.py", line 9, in <module>                            
    while i<len(e):c(f,i,e[i:i+4]);i+=4                                        
                   ^^^^^^^^^^^^^^^                                             
  File "/tmp/copy_fail_exp.py", line 5, in c                                   
    a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
,o)                                                                            
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^    
FileNotFoundError: [Errno 2] No such file or directory

sudo apt update && sudo apt install kmod
sudo rmmod algif_aead

The mitigation works effectively and without a reboot (given that the module wasn't loaded at all or rmmod was used like suggested above), though a reboot is probably recommended:

wget https://github.com/theori-io/copy-fail-CVE-2026-31431/raw/main/copy_fail_exp.py -O /tmp/copy_fail_exp.py
python3 /tmp/copy_fail_exp.py

Result:

Traceback (most recent call last):                                             
  File "/tmp/copy_fail_exp.py", line 9, in <module>                            
    while i<len(e):c(f,i,e[i:i+4]);i+=4                                        
                   ^^^^^^^^^^^^^^^                                             
  File "/tmp/copy_fail_exp.py", line 5, in c                                   
    a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
,o)                                                                            
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^    
FileNotFoundError: [Errno 2] No such file or directory
Formatting
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3
Added a bit more detail on mitigation
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3
Source Link
Cromefire_
Cromefire_
  • 21
  • 1
  • 3