## https://sploitus.com/exploit?id=7F367459-9F39-5D81-BED0-4C40EF010AF1
# Copy Fail Safe Check
Read-only Linux safety check for **CVE-2026-31431 / Copy Fail**.
This tool checks whether the known `algif_aead`-based Copy Fail attack path appears to be mitigated on a Linux system.
## Safety
This script is defensive only.
It does **not**:
- run exploit code
- modify the system
- download additional payloads
- attempt privilege escalation
Do **not** run public exploit code on production systems.
## Usage
Clone this repository:
```bash
git clone https://github.com/waltrone1/copyfail-safe-check.git
cd copyfail-safe-check
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh
```
Or download only the script:
```bash
curl -O https://raw.githubusercontent.com/waltrone1/copyfail-safe-check/main/copyfail-safe-check.sh
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh
```
If `curl` is not available:
```bash
wget https://raw.githubusercontent.com/waltrone1/copyfail-safe-check/main/copyfail-safe-check.sh
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh
```
## How to read the result
### All safe
```text
ALL SAFE - NO ACTION REQUIRED
Machine-readable status: OK_MITIGATED
```
The system appears to be protected against the checked Copy Fail attack path.
No further action is required right now.
### Protected, but reboot required
```text
PROTECTED NOW - REBOOT REQUIRED
Machine-readable status: MITIGATED_REBOOT_REQUIRED
```
The system appears to be protected for now, but a reboot is required so installed kernel or system updates become active.
Recommended action:
```bash
sudo reboot
```
After the reboot, run the check again:
```bash
./copyfail-safe-check.sh
```
### Action required
```text
ACTION REQUIRED - MODULE IS LOADED
```
or:
```text
ACTION REQUIRED - MODULE IS LOADABLE
```
The system should be reviewed and secured.
Recommended action:
- update kernel and relevant packages
- apply vendor-recommended mitigations if needed
- reboot if required
- run this check again afterwards
### Manual review required
```text
MANUAL REVIEW REQUIRED
```
The script could not clearly determine the protection status.
Review the full output manually.
## References
The following links are provided for background information only.
Do **not** run public exploit code on production systems.
- Copy Fail project page: https://copy.fail/
- Ubuntu CVE page: https://ubuntu.com/security/CVE-2026-31431
- Debian Security Tracker: https://security-tracker.debian.org/tracker/CVE-2026-31431
- CERT-EU advisory: https://cert.europa.eu/publications/security-advisories/2026-005/
## Disclaimer
This tool is a defensive helper for administrators.
It does not guarantee that a system is fully secure. Always follow your Linux distribution vendor's official security advisories and patch guidance.
## Maintainer
Maintained by [@waltrone1](https://github.com/waltrone1).