CopyFail (CVE-2026-31431): Kernel Patches Now Available for Rocky Linux
I put this advisory out for Rocky Linux because CopyFail (CVE-2026-31431) is one of those you do not want to sit on. It is a high-severity local privilege escalation in the Linux kernel, the exploit is public, and researchers have shown it works reliably across distributions with no race conditions. Patched kernels are available now for Rocky Linux 8.10, 9.7, and 10.1, so the short version is: update your kernel and reboot.
Originally published on Rocky Linux Read the full article →A few things I wanted people to walk away with:
- Patch and reboot, do not wait. Run
sudo dnf --refresh update 'kernel*'thensudo reboot, and confirm withuname -rthat you are on a fixed build. - File integrity tools will not save you here. The exploit corrupts an in-memory copy of a setuid binary in the page cache without touching anything on disk, which is why patching is the real fix.
- Do not bother trying to disable the module on Rocky. On Rocky Linux,
algif_aeadis compiled into the kernel image, not a loadable module, so the kernel update is the correct and only fix.
Treat this as actively exploited and get your systems patched today.