The issue should be mitigated for now thanks to USN-8226-1 and USN-8226-2. It more or less applies the same mitigations suggested by the researchers, but right in kmod and through an update. While the website may be down, the security email list continues to work apparently.
The description of this USN reads:
kmod has been updated to block loading of the algif_aead kernel module.
It suggest the following updates:
Ubuntu 25.10 kmod 34.2-2ubuntu1.1
Ubuntu 24.04 LTS kmod
31+20240202-2ubuntu7.2Ubuntu 22.04 LTS kmod 29-1ubuntu1.1
Ubuntu 20.04 LTS kmod 27-1ubuntu2.1+esm1 Available with Ubuntu Pro
Ubuntu 18.04 LTS kmod 24-1ubuntu3.5+esm1 Available with Ubuntu Pro
Ubuntu 16.04 LTS kmod 22-1ubuntu5.2+esm1 Available with Ubuntu Pro
Ubuntu 14.04 LTS kmod 15-0ubuntu7+esm1 Available with Ubuntu Pro
This mitigation can be applied using:
~$ sudo apt update && sudo apt upgrade kmod
I've not been able to verify what happens without a reboot or before installing that update yet, but after installation the exploit no longer works on my test server:
~$ python3 copy_fail_exp.py
Traceback (most recent call last):
File "/tmp/copy_fail_exp.py", line 9, in <module>
while i<len(e):c(f,i,e[i:i+4]);i+=4
^^^^^^^^^^^^^^^
File "/tmp/copy_fail_exp.py", line 5, in c
a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
,o)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory
It looks like binding to an aead socket was successfully prevented.
They link the following blog and notices (may be not reachable now, but for future reference):
- https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
- https://ubuntu.com/security/notices/USN-8226-1
- https://ubuntu.com/security/notices/USN-8226-2
Kernel patches will probably become available in the near future as well, but due to the current state of the websites it is rather hard to get up-to-date information and I've yet to receive an email about it.