## https://sploitus.com/exploit?id=29D90A9C-E8E8-5B0B-A9DA-F15DBC31723E
# *Copy Fail* exploit mitigation
CVE-2026-31431 (also known as Copy Fail) is a local privilege escalation (LPE)
vulnerability that can be easily exploited by any authenticated user on the system.
Unlike many LPE vulnerabilities, Copy Fail is very reliable and easy to exploit
with only a standard user account.
Copy Fail is especially dangerous for any system where multiple users share a kernel.
## References
-
-
## Mitigation
To mitigate this vulnerability, we have a DaemonSet manifest prepared in this repository.
See `k8s/copy-fail-ds.yaml` for details.
This manifest disables the affected kernel module, algif_aead,
which is used for hardware-accelerated cryptography.
Please be aware that applying this mitigation may impact workloads that rely
on hardware-accelerated cryptographic functions.
We strongly advise testing the mitigation on a single node before applying it more broadly.
You can do this by using the pod definition and setting nodeName,
which bypasses the scheduler and runs the pod only on the specified node.
See `k8s/copy-fail-pod.yaml` for details.
### Steps to apply the mitigation
Use the DaemonSet manifest and set `nodeName` to test on a single node.
Verify the fix by checking the pod output, which should display:
```
install algif_aead /bin/false
Affected module is NOT loaded, reboot is NOT required.
Fix applied successfully.
```
**If the script indicates that a reboot is required, please restart the affected node.**