A local privilege escalation (LPE) vulnerability affecting the Linux kernel was publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431 and is referred to as Copy Fail. The affected component is a kernel module that provides hardware-accelerated cryptographic functions: algif_aead. The vulnerability affects all Ubuntu releases before Resolute (26.04).

The vulnerability has a CVSS 3.1 score of 7.8, corresponding to a severity of HIGH.

The Ubuntu Security Team has released mitigations which disable the affected Linux kernel module in the kmod package. Linux kernel packages which implement the proposed patch will be released.

Impact

Deployments without container workloads

On hosts that do not run container workloads, the vulnerability allows a local user to elevate privileges to the root user. The published exploit executes in this type of deployment.

Container deployments

In container deployments that may execute potentially-malicious workloads, the vulnerability may facilitate container escape scenarios. A proof-of-concept exploit has not been published yet.

Mitigation regression risk

The mitigation disables a kernel module that is used for hardware-accelerated cryptography. Applications should gracefully fall back to userspace cryptographic functions, but there is a risk that some do not have this functionality.

Similarly, already running applications may be affected if the module is disabled and unloaded, and a reboot may be required to trigger the fallback functionality.

Affected releases

The vulnerability fix will be distributed through the Linux kernel image packages. A mitigation which disables the affected module is distributed through the kmod package.
The mitigation will not be necessary once the kernel is updated.

| Release | Package Name | Fixed Version |
|---|---|---|
| Trusty (14.04) | linux | Only 4.15 kernel versions affected. 3.13 and 4.4 kernel versions are not affected. |
| Trusty (14.04) | kmod | 15-0ubuntu7+esm1 |
| Xenial (16.04) | linux | Only 4.15 kernel versions affected. 4.4 kernel versions are not affected. |
| Xenial (16.04) | kmod | 22-1ubuntu5.2+esm1 |
| Bionic (18.04) | linux | Affected |
| Bionic (18.04) | kmod | 24-1ubuntu3.5+esm1 |
| Focal (20.04) | linux | Affected |
| Focal (20.04) | kmod | 27-1ubuntu2.1+esm1 |
| Jammy (22.04) | linux | Affected |
| Jammy (22.04) | kmod | 29-1ubuntu1.1 |
| Noble (24.04) | linux | Affected |
| Noble (24.04) | kmod | 31+20240202-2ubuntu7.2 |
| Questing (25.10) | linux | Affected |
| Questing (25.10) | kmod | 34.2-2ubuntu1.1 |
| Resolute (26.04) | linux | Not affected |
| Resolute (26.04) | kmod | No update needed |

How to check if you are impacted

On your system, run the following command to get the version of the currently running kernel and compare the listed version to the corresponding table above.

    uname -r

The list of installed kernel packages can be obtained using the following command:

    dpkg -l 'linux-image*' | grep ^ii

To obtain the version of the kmod package that contains the mitigation, run the following command and compare the listed version to the table above.

    dpkg -l kmod

Security updates

We recommend you upgrade all packages:

    sudo apt update && sudo apt upgrade

If this is not possible, the affected component can be targeted:

    sudo apt update && sudo apt install --only-upgrade kmod

The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service applies new security updates every 24 hours automatically. If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

Rebooting the system will ensure that the mitigation is applied, irrespective of the current state.
If this is not possible, ensuring the module is not loaded will suffice and not require a system reboot.

In order to avoid a reboot, first unload the module, in case it is already loaded:

    sudo rmmod algif_aead 2>/dev/null

Check whether the module is still loaded:

    grep -qE '^algif_aead ' /proc/modules && echo "Affected module is loaded" || echo "Affected module is NOT loaded"

Unloading the module could affect currently running applications. Similarly, if it is currently in use, removing the module might fail. In these instances, rebooting the system should trigger the applications to fall back to non-accelerated cryptographic functions:

    sudo reboot

Manual mitigation (alternative)

If you cannot apply the userspace mitigation through an upgrade of the kmod package, you can configure it manually on your system using the instructions in this section.

Block the module by creating a /etc/modprobe.d/manual-disable-algif_aead.conf file. This is the same action that the kmod update performs.

    echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/manual-disable-algif_aead.conf

Unload the module, in case it is already loaded:

    sudo rmmod algif_aead 2>/dev/null

Check whether the module is still loaded:

    grep -qE '^algif_aead ' /proc/modules && echo "Affected module is loaded" || echo "Affected module is NOT loaded"

Unloading the module could affect currently running applications. Similarly, if it is currently in use, removing the module might fail. In these instances, a system reboot should trigger the applications to fall back to non-accelerated cryptographic functions:

    sudo reboot

Disabling the mitigation

If you have the kmod mitigation installed and wish to disable it due to application compatibility issues, you can comment out the module disabling configuration file and reboot the host:

    sudo sed -i 's/^/#/' /etc/modprobe.d/disable-algif_aead.conf
    sudo reboot
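
The two checks above (is the module loaded, and is it blocked) can be combined into a single verdict per host. The script below is an added example, not part of the Ubuntu advisory or its tooling; the function names and state labels are its own, and it assumes the block rule lives in /etc/modprobe.d, as both configuration files named on this page do.

```shell
#!/bin/sh
# Added example: classify a host's algif_aead mitigation state.
# Function names and state labels are this example's own, not Ubuntu tooling.
MODULE=algif_aead

# True if the module is listed in a /proc/modules-format file.
module_loaded() {
    grep -qE "^${MODULE} " "${1:-/proc/modules}" 2>/dev/null
}

# True if any *.conf file in the modprobe.d directory holds an active
# (uncommented) "install algif_aead /bin/false" rule.
module_blocked() {
    dir="${1:-/etc/modprobe.d}"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        grep -qE "^[[:space:]]*install[[:space:]]+${MODULE}[[:space:]]+/bin/false" "$f" && return 0
    done
    return 1
}

# Usage: mitigation_state [modules_file] [modprobe_dir]
# Prints mitigated | blocked-but-loaded | loaded-unblocked | unblocked
mitigation_state() {
    if module_blocked "$2"; then
        if module_loaded "$1"; then echo blocked-but-loaded; else echo mitigated; fi
    elif module_loaded "$1"; then
        echo loaded-unblocked
    else
        echo unblocked
    fi
}

# Constructed sample (not from a real host): module loaded, and the kmod rule
# commented out the way the "Disabling the mitigation" step leaves it.
demo=$(mktemp -d)
mkdir "$demo/modprobe.d"
printf 'algif_aead 16384 0 - Live 0x0000000000000000\n' > "$demo/modules"
echo '#install algif_aead /bin/false' > "$demo/modprobe.d/disable-algif_aead.conf"
echo "sample host: $(mitigation_state "$demo/modules" "$demo/modprobe.d")"
echo "this host:   $(mitigation_state)"
rm -rf "$demo"
```

A result of blocked-but-loaded means the rule is in place but the module still needs the rmmod or reboot step; unblocked means the module is not loaded now but no active rule was found in that directory.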