Copy Fail vulnerability in Linux


Copy Fail: what you need to know and how to stay protected

A newly disclosed vulnerability in the Linux kernel, referred to as CVE-2026-31431 (Copy Fail), has been making waves across the industry.
And for good reason: it allows a local user to escalate privileges to root access within seconds on most major Linux distributions.

At Tilaa, we take security seriously.
In this blog, we’ll explain what’s going on, what the risks are and (most importantly) what you can do about it.
We’ll also share how we have already addressed this issue from Tilaa’s side.

 

What is the Copy Fail bug?

The Copy Fail vulnerability originates from code introduced in Linux kernel 4.14 back in 2017. Despite being present for nearly nine years, it remained unnoticed until its public disclosure in 2026.

Now that a reliable public exploit is available, the risk is no longer theoretical. It is practical and immediate.

Who is affected?

This vulnerability impacts a broad range of systems:

All Linux systems running kernels from 4.14 up to 7.0 are affected.
This means all Linux VPS installed via My Tilaa before 4 May 2026 are affected, especially if one of the following applies to you:

    • Multi-user environments and shared systems
    • Container hosts (especially LXC environments)

If your system hasn’t been patched, it should be considered vulnerable.

What can you do right now?

If you manage your own systems, applying updates or mitigations is critical. Below are the official resources per distribution:

Distribution-specific fixes


Special note: CentOS 8 (End of Life)

CentOS 8 does not have an official fix. If upgrading is not an option, apply this mitigation:

grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
reboot

 

How to verify if your system is safe

Run the following checks:

RHEL-based systems

rpm -q --changelog kernel-core | grep -i '31431\|algif_aead\|Copy Fail'

Debian / Ubuntu

modprobe -n -v algif_aead

Expected output:

install /bin/false
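
The script below is an added example, not part of Tilaa's tooling or any distribution's official guidance. It combines the two mitigation signals mentioned in this article (the `initcall_blacklist=algif_aead_init` boot argument and the `install /bin/false` modprobe result) with a check of whether `algif_aead` is already loaded. The status names and the `--check` flag are assumptions made for this example, and it does not tell you whether the kernel itself is patched.

```shell
#!/bin/sh
# Added example: report which Copy Fail mitigations from this article are
# active. It cannot tell whether the running kernel already contains the fix.

# True if a kernel command line (string) blacklists algif_aead_init.
cmdline_blocks_aead() {
    for arg in $1; do
        case "$arg" in
            initcall_blacklist=*)
                # The value is a comma-separated list of initcall names.
                case ",${arg#initcall_blacklist=}," in
                    *,algif_aead_init,*) return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# True if `modprobe -n -v algif_aead` output redirects the load to /bin/false.
modprobe_blocks_aead() {
    printf '%s\n' "$1" | grep -Eq '^install[[:space:]]+/bin/false[[:space:]]*$'
}

# True if /proc/modules content (string) lists algif_aead as loaded.
module_loaded() {
    printf '%s\n' "$1" | grep -q '^algif_aead '
}

# Combine the three observations into one status word (names are hypothetical).
mitigation_status() {
    cmdline=$1 modprobe_out=$2 modules=$3
    if module_loaded "$modules"; then
        echo "LOADED"             # in memory now; blocking future loads is not enough
    elif cmdline_blocks_aead "$cmdline"; then
        echo "BLOCKED_CMDLINE"    # boot-argument mitigation is active
    elif modprobe_blocks_aead "$modprobe_out"; then
        echo "BLOCKED_MODPROBE"   # module load is redirected to /bin/false
    else
        echo "NOT_MITIGATED"      # neither mitigation seen; confirm the kernel is patched
    fi
}

# Live check: sh copyfail_check.sh --check
if [ "${1:-}" = "--check" ]; then
    mitigation_status "$(cat /proc/cmdline)" \
        "$(modprobe -n -v algif_aead 2>&1)" "$(cat /proc/modules)"
fi
```

A `LOADED` result means the module is still present in the running kernel, so reboot (or unload it) after applying a mitigation and run the check again.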

 

Tilaa’s approach: proactive, secure and future-proof

At Tilaa, we don’t just react, we anticipate.

All VPS deployments after 4 May 2026 are not vulnerable (images have been rebuilt).

This means that new environments are secure by design and existing ones are actively being improved.

Final thoughts

Any Linux system running an unpatched kernel between 4.14 and 7.0 should be considered vulnerable. With a working exploit already available, immediate action is strongly recommended.

At Tilaa, we make sure our customers don’t have to worry about these risks. By combining proactive security updates with a forward-thinking infrastructure strategy, we keep your environments safe—so you can focus on what matters.

If you have questions or want help securing your systems, we’re here for you.
