Ubuntu 22.04 affected by CVE-2026-31431? — Has 22.04 received the fix?

· OS: Ubuntu 20.04.6 LTS Server

· Current kernel: 5.4.0-XX-generic (I didn’t see the specific kernel version)

· Architecture: x86_64

I’m looking into CVE-2026-31431 (“Copy Fail”), a local privilege escalation vulnerability. According to public information, it affects almost all Linux distributions from 2017 onward. A local user with a shell can exploit the AF_ALG interface combined with splice() to corrupt the page cache of setuid binaries, gaining root privileges. No race condition required, and a PoC has been publicly released.

Questions

1. Regarding the 5.15 HWE kernel: If I install linux-generic-hwe-20.04 to upgrade to the 5.15 HWE kernel, does that version still have CVE-2026-31431?

2. Regarding Livepatch: Has Canonical Livepatch released a hot fix for CVE-2026-31431 yet? If yes, which kernel versions are covered?

3. Regarding Ubuntu 22.04: Has Ubuntu 22.04 LTS already received the kernel patch for this vulnerability?

Thanks

For our public:

The fix saga begins here:
https://lists.ubuntu.com/archives/kernel-team/2026-April/167446.html

-Security Team on top-

I’ll refer you to the Support and Help start here page, where it clearly states and shows that only releases in standard support are on-topic here.

Your post does include some parts that do relate to on-topic releases (i.e. 22.04), so I’ll edit your question and strike out the off-topic components.

We’ve taken to adding the boot option
initcall_blacklist=algif_aead_init

The GitHub check script then shows the server as safe.

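One way to confirm that the boot option from the reply above is in effect on the running kernel, rather than only written to the GRUB defaults and waiting for a reboot. This is an added example, not part of the thread and not the GitHub check script the poster mentions; the function names and the `/etc/default/grub` path are assumptions.

```shell
#!/bin/sh
# Added example: is an initcall blacklisted on the running kernel, or only in GRUB?

# initcall_blacklisted NAME CMDLINE -> exit 0 if NAME is listed in any
# initcall_blacklist= parameter (comma-separated; may appear more than once).
# Runs in a subshell so `set -f` (no globbing while splitting) does not leak.
initcall_blacklisted() (
    set -f
    for word in $2; do
        case $word in
            initcall_blacklist=*)
                case ",${word#initcall_blacklist=}," in
                    *",$1,"*) exit 0 ;;
                esac ;;
        esac
    done
    exit 1
)

# grub_cmdline TEXT -> values of the uncommented GRUB_CMDLINE_LINUX* lines,
# quotes stripped. TEXT is the content of a GRUB defaults file.
grub_cmdline() {
    printf '%s\n' "$1" | sed -n 's/^GRUB_CMDLINE_LINUX[A-Z_]*=//p' | tr -d "\"'"
}

# mitigation_state NAME RUNNING_CMDLINE GRUB_TEXT prints one of:
#   active          the running kernel booted with the blacklist entry
#   pending-reboot  present in the GRUB defaults, not in the running kernel
#   absent          present in neither
mitigation_state() {
    if initcall_blacklisted "$1" "$2"; then
        echo active
    elif initcall_blacklisted "$1" "$(grub_cmdline "$3")"; then
        echo pending-reboot
    else
        echo absent
    fi
}

# Live check. /etc/default/grub is assumed; drop-ins under
# /etc/default/grub.d/ are not read by this example.
if [ -r /proc/cmdline ]; then
    grub=$(cat /etc/default/grub 2>/dev/null || true)
    mitigation_state algif_aead_init "$(cat /proc/cmdline)" "$grub"
fi
```

A result of `pending-reboot` means the entry has been configured but the running kernel was not booted with it.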
