On 2026-04-30 11:56, Ludovic Courtès wrote:
Hi!
(Cc: kernel team.)
Gary Johnson <[email protected]> skribis:
My apologies if I've missed announcements related to this, but have we
updated our Linux kernel yet to patch against the recent Copy Fail
exploit?
https://copy.fail/
I was looking at it just now. There are more details in their post:
https://xint.io/blog/copy-fail-linux-distributions
But I only found the list of Linux versions that include a fix in this
post:
https://seclists.org/oss-sec/2026/q2/281
From what I can see 6.19.12 and 6.18.22, which we currently ship,
include the fix.
Other versions are likely vulnerable:
--8<---------------cut here---------------start------------->8---
$ guix package -A linux-libre$
linux-libre 6.6.134 out gnu/packages/linux.scm:1014:2
linux-libre 6.19.12 out gnu/packages/linux.scm:1014:2
linux-libre 6.18.22 out gnu/packages/linux.scm:1014:2
linux-libre 6.12.81 out gnu/packages/linux.scm:1014:2
linux-libre 6.1.168 out gnu/packages/linux.scm:1014:2
linux-libre 5.15.202 out gnu/packages/linux.scm:1014:2
linux-libre 5.10.252 out gnu/packages/linux.scm:1014:2
$ guix describe |grep -A2 guix
guix ecda809
repository URL: https://git.guix.gnu.org/guix.git
branch: master
commit: ecda809fd454fa1574616ecfcd695678238e3aca
--8<---------------cut here---------------end--------------->8---
Looks like we’re providing the offending facility as a module:
--8<---------------cut here---------------start------------->8---
$ zgrep CONFIG_CRYPTO_USER_API_AEAD /proc/config.gz
CONFIG_CRYPTO_USER_API_AEAD=m
$ uname -sr
Linux 6.18.22-gnu
--8<---------------cut here---------------end--------------->8---
Thus one should be able to “rmmod algif_aead” and be done with it.
Thoughts?
Ludo’.
Hi!
I found out that the following latest versions contain backported fix:
5.10.254
5.15.204
6.1.170
6.6.137
6.12.85
