Hello NLUG,
Running Ubuntu server for website.  I got the following Action
Required email from our webdev consultants who also offer server
maintenance; they're recommending KernelCare as a possible service in the
event I'm not comfortable doing this myself.

I haven't tried to implement the fix yet, so don't know if I'm capable yet
or not; guessing Canonical will soon incorporate the patch as part of sudo apt
update...  Just thought I'd mention this.  Will of course take NLUG input.

Thanks a million for all of NLUG's help in helping me get this far.  Linux
has saved us between $150,000 and $250,000 since Howard White got us
started in Aug. 2018.
  M





> Dear Valued Customer,
>
> We would like to inform you of a recently disclosed high-severity Linux
> kernel vulnerability, CVE-2026-31431 ("Copy Fail"). This issue affects a
> wide range of Linux distributions running kernels released since 2017,
> including CloudLinux, AlmaLinux, Ubuntu, Debian, and others.
>
> We continuously monitor such advisories and proactively assess their
> impact across managed environments to ensure timely guidance and mitigation.
>
> ---
> Summary
> - Affects multiple Linux distributions and kernel versions
> - Allows privilege escalation to root from a local user account
> - Requires local access (not directly exploitable remotely)
> - Public exploit is available
> - Fixes are being released by vendors and live-patching providers
> ---
>
> Recommended Option 1: KernelCare Live Patching (Fastest & Least Disruptive)
> The quickest way to protect your server is by using KernelCare, which
> applies a live patch to the running kernel.
>
> - Mitigates the vulnerability without requiring an immediate reboot
> - Provides protection while vendor updates are being rolled out
> - A reboot may still be scheduled later if a full kernel upgrade is
>   applied
>
> You can review and obtain KernelCare here:
>
> https://tuxcare.com/enterprise-live-patching-services/kernelcare-enterprise/
>
> If you prefer, our team can handle the installation and configuration for
> you - simply reply to this email.
>
> Note: While we have seen effective results with KernelCare in similar
> environments, we recommend reviewing its features, pricing, and suitability
> for your requirements before proceeding.
>
> ---
> Recommended Option 2: Install Official Vendor Kernel Updates
> You may alternatively apply the vendor-provided patched kernel using your
> package manager.
>
> Steps:
> 1. Update the system:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> # For CloudLinux / AlmaLinux / RHEL-based systems
> sudo dnf update kernel -y
> # For Ubuntu / Debian systems
> sudo apt update && sudo apt upgrade -y
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 2. Reboot the server to activate the updated kernel:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sudo reboot
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Updates are already available or being rolled out across distributions.
> Availability may vary depending on your OS version and mirror
> synchronisation.
>
> ---
> Temporary Workaround (If Patch Not Yet Available)
> If a patched kernel is not immediately available, a temporary mitigation
> can be applied to reduce exposure by disabling the affected interface.
>
> For CloudLinux, AlmaLinux, Rocky, CentOS, and RHEL-based systems:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
> sudo reboot
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> For Ubuntu and Debian systems:
> Edit the GRUB configuration:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sudo nano /etc/default/grub
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Add the following parameter:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> GRUB_CMDLINE_LINUX="initcall_blacklist=algif_aead_init"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Then apply the changes and reboot:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sudo update-grub
> sudo reboot
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This mitigation disables the vulnerable interface and effectively blocks
> the currently known exploit path.
> It does not impact common services such as SSH, OpenSSL, or IPsec.
>
> ---
> Important Considerations
> A kernel update modifies the core of the operating system. While such
> updates are routinely handled, there remains a small possibility of issues
> such as temporary service disruption or, in rare cases, boot failure.
>
> We recommend scheduling this activity during a planned maintenance window
> to minimise impact.
>
> - Estimated duration: 1-2 hours
> - Downtime is expected during reboot
> - In rare scenarios, console/KVM access from your hosting provider may be
>   required for recovery
>
> Our team routinely performs kernel upgrades across a large number of
> environments and follows best practices to minimise risk. Should any issues
> arise, we will assist with investigation and resolution. Please note that
> extended troubleshooting, if required, may involve additional effort.
>
> ---
> Execution Advisory
> The commands and procedures outlined above should be carried out by
> individuals with appropriate system administration experience.
>
> Improper execution may lead to service disruption, boot issues, or
> configuration inconsistencies. Outcomes can vary depending on the server
> environment, kernel version, and installed software.
>
> If you are not fully confident in performing these actions, we strongly
> recommend seeking professional assistance. Our team will be happy to handle
> the implementation safely for you.
>
> ---
> Next Steps
> Please review the options above and let us know how you would like to
> proceed. We can assist with:
>
> - Installing and configuring KernelCare
> - Performing the vendor kernel update
> - Applying the temporary workaround
>
> Kindly share your preferred option along with a suitable maintenance
> window, and we will schedule the activity accordingly.
>
> ---
> Thank you for your continued trust in Bobcares.
>
> Best regards,
> Infrastructure Management Services,
> Bobcares
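
The Ubuntu/Debian workaround quoted above sets `GRUB_CMDLINE_LINUX` to a single value, which would drop any kernel arguments already configured there. The sketch below is an added example, not part of the original post or the quoted advisory: it merges the parameter into an existing line (`initcall_blacklist` takes a comma-separated list) and checks a kernel command line for it. The function names and the sample file contents are constructed for illustration.

```shell
# Added example, not the advisory's code; foo_init below is a made-up entry.
PARAM=initcall_blacklist INITCALL=algif_aead_init

# cmdline_has_mitigation "<cmdline>": succeed if the parameter is present
cmdline_has_mitigation() (
    set -f                                  # split on spaces, no globbing
    for tok in $1; do
        case "$tok" in "$PARAM"=*)
            case ",${tok#*=}," in *,"$INITCALL",*) exit 0 ;; esac ;;
        esac
    done
    exit 1
)

# merge_cmdline "<args>": print <args> with the parameter merged in
merge_cmdline() (
    set -f
    out="" seen=0
    for tok in $1; do
        case "$tok" in "$PARAM"=*)
            seen=1; list=${tok#*=}
            case ",$list," in
                *,"$INITCALL",*) ;;                             # already listed
                *) tok="$PARAM=${list:+$list,}$INITCALL" ;;     # extend comma list
            esac ;;
        esac
        out="${out:+$out }$tok"
    done
    [ "$seen" -eq 1 ] || out="${out:+$out }$PARAM=$INITCALL"
    printf '%s\n' "$out"
)

# patch_grub_defaults FILE: print FILE with its GRUB_CMDLINE_LINUX line merged
patch_grub_defaults() (
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in 'GRUB_CMDLINE_LINUX="'*'"')
            cur=${line#*=\"}; cur=${cur%\"}
            line="GRUB_CMDLINE_LINUX=\"$(merge_cmdline "$cur")\""; found=1 ;;
        esac
        printf '%s\n' "$line"
    done < "$1"
    [ "$found" -eq 1 ] || printf 'GRUB_CMDLINE_LINUX="%s"\n' "$(merge_cmdline "")"
)

# Constructed sample standing in for /etc/default/grub
sample=$(mktemp)
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' 'GRUB_CMDLINE_LINUX="ro initcall_blacklist=foo_init"' > "$sample"
patch_grub_defaults "$sample"; rm -f "$sample"
```

The functions only print the merged file, so the result can be diffed against `/etc/default/grub` before it is installed and `sudo update-grub` is run. After the reboot, `cmdline_has_mitigation "$(cat /proc/cmdline)"` confirms the parameter reached the running kernel.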
