upvote

points

by jayofdoom20 hours ago |
comments
upvoteby jcul20 hours ago|
next
[-]
There was some discussion on the GitHub issues about workarounds to disable it, even though it is baked in.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues...

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues...

reply
upvoteby pitrdevries20 hours ago|
prev|
next
[-]
This worked as a mitigation on distros with the module compiled into the kernel: https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464d...

Basically: sudo grubby --update-kernel=ALL --args=initcall_blacklist=algif_aead_init

sudo reboot

reply
upvoteby akdev1l18 hours ago|
prev|
next
[-]
F44 is safe as the kernel is greater than 6.18.22
reply
upvoteby ranger_danger10 hours ago|
prev|
[-]
For compiled-in kernels you can also work around it without rebooting via apparmor, seccomp or SELinux at the least, there may be eBPF or other methods too.
reply