As a temporary mitigation, the Copy Fail website [suggests disabling the `algif_aead` module](https://copy.fail/#mitigation):
```
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
```

We tested that and it prevented the PoC exploit. This mitigation may come with some caveats in very specific configurations (see link), but in our case everything appears to work normally.