---
title: "CVE-2026-31431 (CopyFail)"
description: "Security advisory for CVE-2026-31431 (CopyFail), a Linux kernel vulnerability affecting Anyscale-distributed images. Includes mitigation guidance for Ray clusters and Kubernetes deployments."
---

# CVE-2026-31431 (CopyFail)

**Published:** April 30, 2026

CVE-2026-31431, known as CopyFail, is a Linux kernel vulnerability in the `algif_aead` crypto module with a CVSS score of 7.8 (High). A local unprivileged user can exploit it to escalate to root. The vulnerability affects every Linux kernel since 2017 across all major distributions, and a public proof-of-concept exists.

## Are you affected?

Yes. Anyscale-distributed AMIs and cloud images contain affected kernels, as does virtually every unpatched Linux system. If you run Anyscale on your own Kubernetes cluster, your node OS images are your responsibility to patch.

## Risk for Ray clusters

Ray workers run as the `ray` user, not root. On Anyscale-distributed images, the `ray` user has `sudo` available for legitimate workload needs. A job submitter who can run arbitrary code already has a direct path to root on the node.

:::note
For typical Ray deployments, the marginal risk that CopyFail adds above this existing baseline is low. Anyscale still recommends the mitigation as defense-in-depth, particularly for hosts with non-Ray workloads, operator SSH access, or sidecar processes running as a different user.
:::

## Mitigation

Disable the vulnerable module on every Ray node:

```bash
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif_aead.conf
sudo rmmod algif_aead 2>/dev/null || true
```

To verify, run `lsmod | grep algif_aead`. The command should return no output.
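`lsmod` reports only what is loaded in the running kernel; the `modprobe.d` entry is what keeps the block in place afterwards. The following is an added example, not Anyscale's code, that checks both on one node. The function names, status words, and the `--live` flag are illustrative, and the path arguments exist so the check can be run against fixture files.

```bash
#!/bin/sh
# Added example (not from the advisory): per-node check of both halves of
# the mitigation. Function names and status words are illustrative.

# Succeeds if an active (uncommented) "install algif_aead /bin/false" line
# exists in any *.conf file of the modprobe.d directory ($1, default live path).
# modprobe treats "-" and "_" in module names as equivalent, so accept both.
has_install_override() {
    grep -Eqs \
        '^[[:space:]]*install[[:space:]]+algif[-_]aead[[:space:]]+/bin/false[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Succeeds if the module is loaded. /proc/modules is the file lsmod reads;
# the module name is the first field, so anchor the match at line start.
is_loaded() {
    grep -Eqs '^algif_aead[[:space:]]' "${1:-/proc/modules}"
}

# Prints one status word; returns 0 only when the node is fully mitigated.
#   $1 = modprobe.d directory, $2 = modules file (both default to live paths)
mitigation_status() {
    local persisted=no
    local loaded=no
    has_install_override "${1:-/etc/modprobe.d}" && persisted=yes
    is_loaded "${2:-/proc/modules}" && loaded=yes
    case "$persisted/$loaded" in
        yes/no)  echo "mitigated";     return 0 ;;  # blocked and unloaded
        yes/yes) echo "still-loaded";  return 1 ;;  # rmmod has not succeeded
        no/no)   echo "not-persisted"; return 2 ;;  # clean lsmod, no modprobe.d entry
        *)       echo "unmitigated";   return 3 ;;  # loaded and no entry
    esac
}

# Check the live system only when asked, e.g. by passing --live.
if [ "${1:-}" = "--live" ]; then
    mitigation_status
fi
```

The exit status is 0 only for `mitigated`, so the function can gate a node-init hook or a node health check.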

## Apply the mitigation across a cluster

Use a Ray job to apply the mitigation across all nodes:

```python
import subprocess

import ray

@ray.remote(num_cpus=0)
def mitigate():
    # Persist across reboots
    persist = subprocess.run(
        ["sudo", "tee", "/etc/modprobe.d/disable-algif_aead.conf"],
        input="install algif_aead /bin/false\n",
        capture_output=True, text=True
    )
    if persist.returncode != 0:
        return {"ok": False, "step": "persist", "err": persist.stderr}

    # Unload from running kernel (ok if already unloaded)
    subprocess.run(["sudo", "rmmod", "algif_aead"], capture_output=True)

    # Verify
    loaded = subprocess.run(["lsmod"], capture_output=True, text=True)
    if "algif_aead" in loaded.stdout:
        return {"ok": False, "step": "verify", "err": "module still loaded"}
    return {"ok": True}

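# ray.nodes() needs an initialized session; inside a Ray job this attaches
# to the running cluster.
ray.init(ignore_reinit_error=True)

# Pin one task to each live node through its per-node "node:<ip>" resource.
nodes = [n for n in ray.nodes() if n["Alive"]]
results = ray.get([
    mitigate.options(resources={f"node:{n['NodeManagerAddress']}": 0.01}).remote()
    for n in nodes
])
print(f"Mitigated: {sum(1 for r in results if r['ok'])}/{len(results)}")
for r in results:
    if not r["ok"]:
        print(r)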
```

:::caution
New nodes from autoscaling won't have the mitigation applied. Add this to your node-init hooks until the patched image is available.
:::

## Kubernetes deployments

Anyscale doesn't distribute Kubernetes node images. Host kernels are your responsibility. Disable the `algif_aead` module via a privileged DaemonSet or your node configuration management. Track your cloud provider's patched node image release. EKS, GKE, and AKS publish patched images on their own cadences. Roll your nodes when patched images are available.

## Patched image timeline

**Target: May 7, 2026.** A patched kernel will ship as part of the Ubuntu 24.04 image release. The one-week timeline reflects required stability validation for kernel changes. The mitigation above is a complete fix. Customers who apply it won't be exposed to CopyFail regardless of when the patched image ships.

If you require a patched kernel sooner for compliance or contractual reasons, contact [Anyscale support](mailto:support@anyscale.com).

## References

- [CVE-2026-31431 disclosure](https://xint.io/blog/copy-fail-linux-distributions)
- [Container and multi-tenant analysis](https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/)
