If you are running a kernel with those functions loaded via a kernel module, you can rmmod the kernel module and blacklist it so it doesn't get loaded again. RHEL and RHEL-alikes have that function compiled into the kernel so the only mitigation is blocking those kernel calls via the kernel boot options. Red Hat's CVE response page <https://access.redhat.com/security/cve/cve-2026-31431> has the kernel boot options to add to block them at that level. Of course, this requires a reboot.
IMO, if you are not comfortable doing this then I wouldn't recommend running the whole OS to support your customer's website.

Kent

On Mon, May 4, 2026 at 12:53 PM Michael L <[email protected]> wrote:

> Hello NLUG,
> Running Ubuntu server for website. I got the following Action Required email from our webdev consultants who also offer server maintenance; they're recommending KernelCare as a possible service in the event I'm not comfortable doing this myself.
>
> I haven't tried to implement the fix yet, so don't know if I'm capable yet or not; guessing Canonical will soon incorporate patch as part of sudo apt update... Just thought I'd mention this. Will of course take NLUG input.
>
> Thanks a million for all of NLUG's help in helping me get this far. Linux has saved us between $150,000 and $250,000 since Howard White got us started in Aug. 2018.
> M
>
> > Dear Valued Customer,
> >
> > We would like to inform you of a recently disclosed high-severity Linux kernel vulnerability, CVE-2026-31431 ("Copy Fail"). This issue affects a wide range of Linux distributions running kernels released since 2017, including CloudLinux, AlmaLinux, Ubuntu, Debian, and others.
> >
> > We continuously monitor such advisories and proactively assess their impact across managed environments to ensure timely guidance and mitigation.
> >
> > ---
> > Summary
> > - Affects multiple Linux distributions and kernel versions
> > - Allows privilege escalation to root from a local user account
> > - Requires local access (not directly exploitable remotely)
> > - Public exploit is available
> > - Fixes are being released by vendors and live-patching providers
> > ---
> >
> > Recommended Option 1: KernelCare Live Patching (Fastest & Least Disruptive)
> > The quickest way to protect your server is by using KernelCare, which applies a live patch to the running kernel.
> >
> > - Mitigates the vulnerability without requiring an immediate reboot
> > - Provides protection while vendor updates are being rolled out
> > - A reboot may still be scheduled later if a full kernel upgrade is applied
> >
> > You can review and obtain KernelCare here:
> > https://tuxcare.com/enterprise-live-patching-services/kernelcare-enterprise/
> >
> > If you prefer, our team can handle the installation and configuration for you - simply reply to this email.
> >
> > Note: While we have seen effective results with KernelCare in similar environments, we recommend reviewing its features, pricing, and suitability for your requirements before proceeding.
> >
> > ---
> > Recommended Option 2: Install Official Vendor Kernel Updates
> > You may alternatively apply the vendor-provided patched kernel using your package manager.
> >
> > Steps:
> > 1. Update the system:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > # For CloudLinux / AlmaLinux / RHEL-based systems
> > sudo dnf update kernel -y
> > # For Ubuntu / Debian systems
> > sudo apt update && sudo apt upgrade -y
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 2. Reboot the server to activate the updated kernel:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > sudo reboot
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Updates are already available or being rolled out across distributions. Availability may vary depending on your OS version and mirror synchronisation.
> >
> > ---
> > Temporary Workaround (If Patch Not Yet Available)
> > If a patched kernel is not immediately available, a temporary mitigation can be applied to reduce exposure by disabling the affected interface.
> >
> > For CloudLinux, AlmaLinux, Rocky, CentOS, and RHEL-based systems:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
> > sudo reboot
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > For Ubuntu and Debian systems:
> > Edit the GRUB configuration:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > sudo nano /etc/default/grub
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Add the following parameter:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > GRUB_CMDLINE_LINUX="initcall_blacklist=algif_aead_init"
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Then apply the changes and reboot:
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > sudo update-grub
> > sudo reboot
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > This mitigation disables the vulnerable interface and effectively blocks the currently known exploit path.
> > It does not impact common services such as SSH, OpenSSL, or IPsec.
> >
> > ---
> > Important Considerations
> > A kernel update modifies the core of the operating system. While such updates are routinely handled, there remains a small possibility of issues such as temporary service disruption or, in rare cases, boot failure.
> >
> > We recommend scheduling this activity during a planned maintenance window to minimise impact.
> >
> > - Estimated duration: 1-2 hours
> > - Downtime is expected during reboot
> > - In rare scenarios, console/KVM access from your hosting provider may be required for recovery
> >
> > Our team routinely performs kernel upgrades across a large number of environments and follows best practices to minimise risk. Should any issues arise, we will assist with investigation and resolution. Please note that extended troubleshooting, if required, may involve additional effort.
> >
> > ---
> > Execution Advisory
> > The commands and procedures outlined above should be carried out by individuals with appropriate system administration experience.
> >
> > Improper execution may lead to service disruption, boot issues, or configuration inconsistencies. Outcomes can vary depending on the server environment, kernel version, and installed software.
> >
> > If you are not fully confident in performing these actions, we strongly recommend seeking professional assistance. Our team will be happy to handle the implementation safely for you.
> >
> > ---
> > Next Steps
> > Please review the options above and let us know how you would like to proceed. We can assist with:
> >
> > - Installing and configuring KernelCare
> > - Performing the vendor kernel update
> > - Applying the temporary workaround
> >
> > Kindly share your preferred option along with a suitable maintenance window, and we will schedule the activity accordingly.
> >
> > ---
> > Thank you for your continued trust in Bobcares.
> >
> > Best regards,
> > Infrastructure Management Services,
> > Bobcares
>
> --
> --
> You received this message because you are subscribed to the Google Groups "NLUG" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to [email protected]
> For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "NLUG" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion visit https://groups.google.com/d/msgid/nlug-talk/CALdmzXZXKx0UiS5%2BsBM2CQYhEK6WxuGv5OzA8X3ctqE-Lu%3D3sA%40mail.gmail.com
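A read-only check for the workaround discussed in this thread, as an added example that is not part of any message above: it reports whether `initcall_blacklist=algif_aead_init` is on the running kernel's command line, or whether the `algif_aead` module is unloaded and blacklisted. The module name `algif_aead` is assumed from the initcall name in the quoted advisory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are parameters so the
# checks can be run against constructed copies as well as the live system.

# True if a kernel command line file lists algif_aead_init in initcall_blacklist=
cmdline_blocks_initcall() {
    tr ' ' '\n' < "$1" | grep '^initcall_blacklist=' | cut -d= -f2- |
        tr ',' '\n' | grep -qx 'algif_aead_init'
}

# True if a /proc/modules-format file shows algif_aead currently loaded
module_loaded() { grep -q '^algif_aead ' "$1" 2>/dev/null; }

# True if a modules.builtin-format file lists algif_aead (compiled into the kernel)
module_builtin() { grep -q '/algif_aead\.ko$' "$1" 2>/dev/null; }

# True if any *.conf in a modprobe.d-style directory blacklists algif_aead or
# overrides its install command (assumption: either counts as "blacklisted")
module_blacklisted() {
    grep -Eqs '^[[:space:]]*(blacklist|install)[[:space:]]+algif_aead([[:space:]]|$)' "$1"/*.conf
}

# Args: cmdline-file modules-file builtin-file modprobe-dir
workaround_status() {
    if module_loaded "$2"; then
        echo "absent: algif_aead is loaded in the running kernel"; return 1
    fi
    if cmdline_blocks_initcall "$1"; then
        echo "active: initcall_blacklist=algif_aead_init is on the kernel command line"; return 0
    fi
    if module_builtin "$3"; then
        echo "absent: algif_aead is built in, so only the boot option (and a reboot) applies"; return 1
    fi
    if module_blacklisted "$4"; then
        echo "active: algif_aead is not loaded and is blacklisted for modprobe"; return 0
    fi
    echo "absent: algif_aead is not loaded but nothing prevents loading it"; return 1
}

# Live check: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    workaround_status /proc/cmdline /proc/modules \
        "/lib/modules/$(uname -r)/modules.builtin" /etc/modprobe.d
fi
```

The live check reads only `/etc/modprobe.d`, and it reports the state of the workaround, not whether the installed kernel already carries the vendor fix.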
