Revision cc4dbc11-8e91-4e11-8a65-6cc115e940fd

While the website may be down, the security email list continues to work apparently and they have emaied about a mitigation there on 30.04.2026 18:06 CET.

The issue should be mitigated for now thanks to USN-8226-1 and USN-8226-2. It more or less applies the same mitigations suggested by the researchers, but right in `kmod` and through an update, the upside being that the kernel module will probably be reactivated when the issue has been fully patched, without any manual intervention besides needing to apply updates.

The description of this USN reads:

> kmod has been updated to block loading of the algif_aead kernel
> module.

It suggest the following updates:

> Ubuntu 25.10   kmod                            34.2-2ubuntu1.1
> 
> Ubuntu 24.04 LTS   kmod                           
> 31+20240202-2ubuntu7.2
> 
> Ubuntu 22.04 LTS   kmod                            29-1ubuntu1.1
> 
> Ubuntu 20.04 LTS   kmod                            27-1ubuntu2.1+esm1
>                                   Available with Ubuntu Pro
> 
> Ubuntu 18.04 LTS   kmod                            24-1ubuntu3.5+esm1
>                                   Available with Ubuntu Pro
> 
> Ubuntu 16.04 LTS   kmod                            22-1ubuntu5.2+esm1
>                                   Available with Ubuntu Pro
> 
> Ubuntu 14.04 LTS   kmod                            15-0ubuntu7+esm1
>                                   Available with Ubuntu Pro

This mitigation can be applied using:
```bash
~$ sudo apt update && sudo apt upgrade kmod
```

I've not been able to verify what happens without a reboot or before installing that update yet, but after installation the exploit no longer works on my test server:

    ~$ python3 copy_fail_exp.py                         
    Traceback (most recent call last):                                             
      File "/tmp/copy_fail_exp.py", line 9, in <module>                            
        while i<len(e):c(f,i,e[i:i+4]);i+=4                                        
                       ^^^^^^^^^^^^^^^                                             
      File "/tmp/copy_fail_exp.py", line 5, in c                                   
        a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=2
    79;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accep
    t();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\
    x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno()
    ,o)                                                                            
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^    
    FileNotFoundError: [Errno 2] No such file or directory

It looks like binding to an `aead` socket was successfully prevented.

They link the following blog and notices (may be not reachable now, but for future reference):
- https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
- https://ubuntu.com/security/notices/USN-8226-1
- https://ubuntu.com/security/notices/USN-8226-2

Kernel patches will probably become available in the near future as well, but due to the current state of the websites it is rather hard to get up-to-date information and I've yet to receive an email about it.