@Larvitz@burningboard.net
·
May 01, 2026
Larvitz 
@Larvitz@burningboard.net
IT Consultant from Germany, Linux enthusiast, BSD fanboy and firmly convinced that Ancient Domains of Mystery is the greatest video game of all time (and always will be). You'll find me here talking about Open Source, self-hosting, advanced networking (proud operator of AS201379), smart home shenanigans, and anything you can torment with a terminal. Cat pictures also welcome. Left, antifascist, vegan. The trifecta your uncle warned you about.
burningboard.net
Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.
It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.
https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md
#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail
27
2
22
@harrysintonen@infosec.exchange
·
Apr 30, 2026
Harry Sintonen
@harrysintonen@infosec.exchange
Infosec consultant at REVƎЯSEC https://reversec.com - Coding, Research + various other interests
infosec.exchange
Mitigation to #CVE_2026_31431 / #copyfail :
- If kernel config has CONFIG_CRYPTO_USER_API_AEAD=m:
echo “install algif_aead /bin/false” | sudo tee /etc/modprobe.d/disable-algif.conf; sudo rmmod algif_aead
- If kernel config has CONFIG_CRYPTO_USER_API_AEAD=y:
Add “initcall_blacklist=algif_aead_init” to the kernel command line and reboot.
24
3
31
Si sois sysadmins de Linux mejor no hagáis planes para el puente... https://copy.fail/
#copyfail #cve_2026_31431
24
7
31
You've seen all posts