CVE-2026-31431 (CopyFail)
Published: April 30, 2026
CVE-2026-31431, known as CopyFail, is a Linux kernel vulnerability in the algif_aead crypto module with a CVSS score of 7.8 (High). A local unprivileged user can exploit it to escalate to root. The vulnerability affects every Linux kernel since 2017 across all major distributions, and a public proof-of-concept exists.
Are you affected?
Yes. Anyscale-distributed AMIs and cloud images contain affected kernels, as does virtually every unpatched Linux system. If you run Anyscale on your own Kubernetes cluster, your node OS images are your responsibility to patch.
Risk for Ray clusters
Ray workers run as the ray user, not root. On Anyscale-distributed images, the ray user has sudo available for legitimate workload needs. A job submitter who can run arbitrary code already has a direct path to root on the node.
For typical Ray deployments, the marginal risk that CopyFail adds above this existing baseline is low. Anyscale still recommends the mitigation as defense-in-depth, particularly for hosts with non-Ray workloads, operator SSH access, or sidecar processes running as a different user.
Mitigation
Disable the vulnerable module on every Ray node:
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif_aead.conf
sudo rmmod algif_aead 2>/dev/null || true
To verify, run lsmod | grep algif_aead. The command should return no output.
Apply the mitigation across a cluster
Use a Ray job to apply the mitigation across all nodes:
import ray
import subprocess

# Connect to the running cluster (the address comes from the Ray job environment).
ray.init()

@ray.remote(num_cpus=0)
def mitigate():
    # Persist across reboots
    persist = subprocess.run(
        ["sudo", "tee", "/etc/modprobe.d/disable-algif_aead.conf"],
        input="install algif_aead /bin/false\n",
        capture_output=True, text=True,
    )
    if persist.returncode != 0:
        return {"ok": False, "step": "persist", "err": persist.stderr}
    # Unload from running kernel (ok if already unloaded)
    subprocess.run(["sudo", "rmmod", "algif_aead"], capture_output=True)
    # Verify
    loaded = subprocess.run(["lsmod"], capture_output=True, text=True)
    if "algif_aead" in loaded.stdout:
        return {"ok": False, "step": "verify", "err": "module still loaded"}
    return {"ok": True}

# One task per alive node, pinned to it through the node's own "node:<ip>" resource
nodes = [n for n in ray.nodes() if n["Alive"]]
results = ray.get([
    mitigate.options(resources={f"node:{n['NodeManagerAddress']}": 0.01}).remote()
    for n in nodes
])
print(f"Mitigated: {sum(1 for r in results if r['ok'])}/{len(results)}")
for r in results:
    if not r["ok"]:
        print(r)
New nodes from autoscaling won't have the mitigation applied. Add this to your node-init hooks until the patched image is available.
Kubernetes deployments
Anyscale doesn't distribute Kubernetes node images. Host kernels are your responsibility. Disable the algif_aead module via a privileged DaemonSet or your node configuration management. Track your cloud provider's patched node image release. EKS, GKE, and AKS publish patched images on their own cadences. Roll your nodes when patched images are available.
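An added example of the privileged DaemonSet approach described above; it is not part of the Anyscale advisory. It assumes node images with a writable host /etc/modprobe.d and the busybox and pause image tags named in the manifest.

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: disable-algif-aead
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: disable-algif-aead
  template:
    metadata:
      labels:
        app: disable-algif-aead
    spec:
      # Run on every node, including tainted control-plane or GPU nodes.
      tolerations:
        - operator: Exists
      initContainers:
        - name: mitigate
          image: busybox:1.36   # assumed image; any image with sh and rmmod works
          securityContext:
            privileged: true    # grants CAP_SYS_MODULE so rmmod acts on the host kernel
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -e
              # Persist: modprobe refuses to load the module after reboots.
              echo "install algif_aead /bin/false" > /host-modprobe.d/disable-algif_aead.conf
              # Unload now; failure is fine if it was never loaded.
              rmmod algif_aead 2>/dev/null || true
              # Verify against the shared host kernel. A failure here leaves the pod
              # in Init:Error, which is visible in `kubectl get pods -n kube-system`.
              if grep -q '^algif_aead ' /proc/modules; then
                echo "algif_aead still loaded" >&2
                exit 1
              fi
          volumeMounts:
            - name: modprobe-d
              mountPath: /host-modprobe.d
      containers:
        # Keeps the pod alive so the DaemonSet reports Ready per node.
        - name: pause
          image: registry.k8s.io/pause:3.9   # assumed image tag
      volumes:
        - name: modprobe-d
          hostPath:
            path: /etc/modprobe.d
            type: DirectoryOrCreate
```

Apply with kubectl apply -f and confirm every pod reaches Running; a pod stuck in Init:Error identifies a node where the module could not be unloaded, which should be drained and rebooted (the modprobe.d entry then keeps it from loading) or rolled to a patched image.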
Patched image timeline
Target: May 7, 2026. A patched kernel will ship as part of the Ubuntu 24.04 image release. The one-week timeline reflects required stability validation for kernel changes. The mitigation above is a complete fix. Customers who apply it won't be exposed to CopyFail regardless of when the patched image ships.
If you require a patched kernel sooner for compliance or contractual reasons, contact Anyscale support.