Security Announcement: CVE-2026-31431 (“Copy Fail”) Linux Kernel Vulnerability

Security Announcement: CVE-2026-31431 (“Copy Fail”) Linux Kernel Vulnerability

You may be aware of CVE-2026-31431 (“Copy Fail”), a recently disclosed kernel-level vulnerability affecting many Linux systems running kernel 4.14 or newer.

This issue may allow local privilege escalation on unpatched systems. We are sharing this advisory as it may impact servers you manage. Major operating system vendors are actively releasing patches and mitigations.

We recommend all customers review their servers and apply vendor updates as soon as possible.

How to Check if Your Server May Be Affected

Connect to your server via SSH and run:

uname -r

This will display the currently running kernel version.

General Guidance

Servers may be affected if they are running:

• Linux kernel 4.14 or newer

• Older unpatched releases of supported distributions

• Multi-user hosting environments with shell access

• Shared hosting servers where local users can log in

Servers already updated to the latest vendor kernel releases or protected by KernelCare live patching may already be mitigated.

Common Operating Systems Potentially Affected

The following distributions may be impacted depending on installed kernel version and patch level:

• AlmaLinux 8 / 9 / 10

• Alpine Linux

• CloudLinux 8 / 9 / 10

• Debian 11 / 12

• Red Hat Enterprise Linux 8 / 9

• Rocky Linux 8 / 9

• SUSE Linux Enterprise

• Ubuntu 20.04 / 22.04 / 24.04

• Amazon Linux 2 / 2023

Lower Risk / Legacy Systems

Older systems using kernels below 4.14 may not be directly affected by this specific vulnerability. However, these systems may still be at risk due to age and unsupported software versions.

Examples:

• CentOS 6

• CentOS 7

• RHEL 6 / 7

Operating System Advisories

• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/

• Alpine Linux: https://security.alpinelinux.org/vuln/CVE-2026-31431

• CloudLinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-kernel-update

• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431

• Red Hat Enterprise Linux: https://access.redhat.com/security/vulnerabilities/RHSB-2026-02

• Rocky Linux: https://kb.ciq.com/article/rocky-linux/rl-cve-2026-31431-mitigation

• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431

KernelCare Users

If your server uses KernelCare, live kernel patching may already provide mitigation for this vulnerability across supported distributions without requiring a reboot.

Please refer to the CloudLinux advisory above for coverage details.

Recommended Action

1. Check your kernel version using uname -r

2. Apply all available system updates

3. Reboot if a new kernel is installed

4. Verify the new kernel version after reboot

5. Contact support if you need assistance

Control Panel / Platform Advisories

• Plesk: https://support.plesk.com/hc/en-us/articles/40124635047319-Vulnerability-CVE-2026-31431

• cPanel: https://support.cpanel.net/hc/en-us/articles/40184022594071-CVE-2026-31431-copy-fail-reported-for-linux-kernels

• SolusVM: https://support.solusvm.com/hc/en-us/articles/40185887408535-Vulnerability-CVE-2026-31431

Managed Server Customers

For customers with managed servers, our support team is already working on implementing the required updates and patches where applicable.

We will contact managed server customers separately if any approvals, or scheduling details are required.

Need Assistance?

Our support team is available if you require assistance reviewing, patching, or updating your server.

Sincerely,

Softsys Hosting Support