Anything being done about NVD - CVE-2026-31431 ?

[image] filuur: But honestly I would be completely fine with Rocky not supplying extra patches as well. It’s kinda what we signed up for here It was fine in this case because there was a mitigation available. A security hole of this severity should have a much faster response if this was not…

I agree fully that this is what i signed up for. and feel the same as you do There was a mitigation for it so that likely weighed heavily for Red Hat as for how much testing would be done/delay before releasing as well as Rocky deciding to wait for RHEL packages. If we could have an option to ena…

[image] StatiC: Do rocky developers always jump on trying to patch very high severity stuff and abort it if RH gets it out before they do? Do Rocky devs wait hours day/days before putting effort in? Rocky aims to be 1:1 with RHEL, which has always been the case since the beginning. This is w…

Right, I probably didn’t make that entire post clear. My context with that question in that post was if they were to start patching the most critical issues if RH doesn’t get them out in a decent time frame, What would that look like? It wasn’t insinuating that they should do that or that they do…

I think that is a result of using Python < 3.10. If you (sudo) dnf install python3.11 (or python3.12), and make sure the line invoking Python reads python3.11 or python3.12 instead of just python3, it will “work” again if vulnerable. I would personally just do (sudo) grubby --update-kernel=ALL --a…

Thank you very much. I have upgraded to the specified kernel version(5.14.0-611.54.1.el9_7.x86_64). Would it be sufficient to upgrade to that kernel version? Is there any way to verify that the threat has been fixed?

I have used (not very precise, but…) rpm -q --changelog kernel | grep 31431

# uname -a Linux 12-19-rl96 5.14.0-611.54.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 5 16:52:47 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux # rpm -q --changelog kernel | grep CVE-2026-31431 - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Vladislav Dronov) [RHEL-1…

@carlo I’ve just tried that on Rocky 9 with python 3.13 and it asks me for a password. Same kernel version as you. Maybe your user testa is added to sudoers and is allowed access without having to provide a password? Just guessing. But either way, the new kernel doesn’t allow it which suggests s…

The user testa is a regular user with a password set, but not configured in the sudoers file. # cat /etc/sudoers | grep testa # ls /etc/sudoers.d/ #

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

Rocky Linux Help & Support

uranus12 May 8, 2026, 12:22am 109

Will this kernel be integrated into future releases so that users don’t need to update it manually? (Including versions 8, 9, and 10)

Topic		Replies	Views
CopyFail (CVE-2026-31431): Patches Now Available for Rocky Linux Announcements rocky-linux-8 , rocky-linux-9 , rocky-linux-10	2	2259	May 8, 2026
Rocky 8.10 - CVE-2025-38352 Rocky Linux Help & Support rocky-linux-8	24	1745	November 21, 2025
The Further Experiments of a Vacuous Experimenter Rocky Linux Help & Support	9	694	August 25, 2023
Some errata missing in comparison with RHEL and AlmaLinux Rocky Linux Help & Support	16	4357	August 25, 2023
Trouble in River City -- Rocky Linux 8.5 Rollover Blew Up Rocky Linux Help & Support	17	2137	August 25, 2023

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

Related topics