oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2026-31431: CopyFail: linux local privilege scalation

From: nightmare.yeah27 () aceecat org
Date: Sat, 2 May 2026 21:43:21 -0700
On Sun, May 03, 2026 at 07:43:56AM +1000, Brian May wrote:


But I heard some enterprise kernels came with the code compiled into the
kernel, and these required a kernel command line option and a reboot to
fix.


VPSs provided by Linode/Akamai have the "option" (see below) to boot
their kernel, so that no kernel package needs even to be installed in
the image.  That kernel is monolithic, and as far as I can see there
isn't a way to pass kernel options, either. As of today, the kernel
build options relevant to this bug seem to be still enabled, and
Akamai has this to say about it:

https://status.linode.com/incidents/msqh44ktjp9g

In the past, I have tried using distro or self compiled kernels
instead which is possible in theory, but I have found in that case
there was a non-negligible chance of the system not coming back from
reboot.

-- 
Ian
Previous By Date Next
Previous By Thread Next

Current thread: