Linux kernel privilege escalation vulnerability „Copy Fail“ (CVE-2026-31431)
ELEMENTS appliances are not affected by this vulnerability. The algif_aead kernel module at the root of this issue is not used by the ELEMENTS platform. As an additional precautionary measure, a software update that enforces blacklisting of the affected module is already available. Kernel updates will be offered once the patched kernels have been validated against all hardware configurations in use.
On 29 April 2026, security firm Theori publicly disclosed a high-severity local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026- 31431 and named „Copy Fail“. The vulnerability carries a CVSS 3.1 score of 7.8 (High) and affects virtually every mainstream Linux distribution running a kernel built since 2017. It allows an unprivileged local user to gain root access via a logic flaw in the algif_aead kernel module.
ELEMENTS appliances are not at risk from CVE-2026-31431. The vulnerable algif_aead kernel module is not used by the ELEMENTS software stack. To further harden this posture, we have prepared a software update that actively blacklists the affected module, preventing it from being loaded even if triggered indirectly. This update is ready and will be made available promptly.
In parallel, we are validating patched kernel packages against the full range of hardware configurations used across ELEMENTS appliance models. Once this validation is complete, kernel updates will be made available through the standard ELEMENTS update mechanism.
If you have questions about your specific ELEMENTS system or would like to schedule a security check, please contact our support team.
Read more about the vulnerability here: https://copy.fail
Original disclosure by Theori (Xint Code) CVE-2026-31431 at cve.org