On 30/04/2026 at 11:56, Ludovic Courtès wrote:
Hi!

(Cc: kernel team.)

Gary Johnson <[email protected]> wrote:

My apologies if I've missed announcements related to this, but have we updated 
our Linux kernel yet to patch against the recent Copy Fail exploit?

https://copy.fail/

I was looking at it just now.  There are more details in their post:

   https://xint.io/blog/copy-fail-linux-distributions

But I only found the list of Linux versions that include a fix in this
post:

   https://seclists.org/oss-sec/2026/q2/281

From what I can see 6.19.12 and 6.18.22, which we currently ship,
include the fix.

Other versions are likely vulnerable:

--8<---------------cut here---------------start------------->8---
$ guix package -A linux-libre$
linux-libre     6.6.134         out     gnu/packages/linux.scm:1014:2
linux-libre     6.19.12         out     gnu/packages/linux.scm:1014:2
linux-libre     6.18.22         out     gnu/packages/linux.scm:1014:2
linux-libre     6.12.81         out     gnu/packages/linux.scm:1014:2
linux-libre     6.1.168         out     gnu/packages/linux.scm:1014:2
linux-libre     5.15.202        out     gnu/packages/linux.scm:1014:2
linux-libre     5.10.252        out     gnu/packages/linux.scm:1014:2
$ guix describe |grep -A2 guix
   guix ecda809
     repository URL: https://git.guix.gnu.org/guix.git
     branch: master
     commit: ecda809fd454fa1574616ecfcd695678238e3aca
--8<---------------cut here---------------end--------------->8---

Looks like we’re providing the offending facility as a module:

--8<---------------cut here---------------start------------->8---
$ zgrep CONFIG_CRYPTO_USER_API_AEAD /proc/config.gz
CONFIG_CRYPTO_USER_API_AEAD=m
$ uname -sr
Linux 6.18.22-gnu
--8<---------------cut here---------------end--------------->8---

Thus one should be able to “rmmod algif_aead” and be done with it.

Thoughts?

Ludo’.


I would like to alert system administrators that the mitigation announced on the copy.fail site is not sufficient: simply running rmmod or checking with lsmod is not enough to confirm the absence of the problematic module, as it could be built into the kernel.

To verify its presence in memory, please run:

# grep algif_aead /lib/modules/$(uname -r)/modules.builtin

If the output includes kernel/crypto/algif_aead.ko, the module is present, and a system reboot is required to remove it from memory after adding a modprobe file.

Best regards,

Medernach Emmanuel
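
The checks discussed in this thread (the modules.builtin lookup, the loaded-module list that lsmod reads, and the module file on disk) combined into one classifier, as an added example that is not part of the original messages. The function name `algif_aead_status`, its two arguments and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify how algif_aead is present for a given kernel.
# Arguments (both optional; the defaults assume a conventional layout):
#   $1  module directory holding modules.builtin and modules.dep
#   $2  file listing loaded modules in /proc/modules format
algif_aead_status() {
    moddir=${1:-/lib/modules/$(uname -r)}
    loaded=${2:-/proc/modules}

    # Built in: listed in modules.builtin; lsmod never shows it and
    # rmmod cannot remove it.
    if grep -q '/algif_aead\.ko$' "$moddir/modules.builtin" 2>/dev/null; then
        echo builtin
        return 0
    fi
    # Loaded: the first field of a /proc/modules line is the module name.
    if grep -q '^algif_aead ' "$loaded" 2>/dev/null; then
        echo loaded
        return 0
    fi
    # Loadable: on disk (possibly compressed), so it can still be loaded later.
    if grep -Eq '/algif_aead\.ko(\.(gz|xz|zst))?:' "$moddir/modules.dep" 2>/dev/null; then
        echo loadable
        return 0
    fi
    echo absent
}

# Constructed sample data (not from a real system): a kernel with
# algif_aead built in and nothing loaded as a module.
demo=$(mktemp -d)
printf 'kernel/crypto/af_alg.ko\nkernel/crypto/algif_aead.ko\n' > "$demo/modules.builtin"
: > "$demo/modules.dep"
: > "$demo/proc_modules"
echo "sample kernel: $(algif_aead_status "$demo" "$demo/proc_modules")"
rm -rf "$demo"
```

Called with no arguments, the function inspects the running kernel; pass a different module directory on systems that do not keep modules under /lib/modules.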

