Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/tychotithonus/statuses/116491355498973879">Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 30-Apr-2026 13:23:55 JST</a><a href="https://infosec.exchange/@tychotithonus" title="tychotithonus@infosec.exchange"><img src="https://gnusocial.jp/avatar/92920-48-20240902162501.webp" width="48" height="48" alt="Royce Williams" style="position: absolute; left: 0; top: 0;">Royce Williams</a><div><a href="https://hachyderm.io/@dalias/116490212624371992" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias" rel="nofollow">@dalias</a> generally true, except as written it may silently fail: </p><p><a href="https://infosec.exchange/@tychotithonus/116490466168316767">https://infosec.exchange/@tychotithonus/116490466168316767</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6361553#notice-12529608">In conversation</a><time datetime="2026-04-30T13:23:55+09:00" title="Thursday, 30-Apr-2026 13:23:55 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@tychotithonus/116491355498973879" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@tychotithonus/116491355498973879">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@tychotithonus/116490466168316767">Royce Williams (@tychotithonus@infosec.exchange)</a></h5><div> from <span>Royce Williams</span></div></header><div>The CopyFail folks shouldn't have routed stderr to /dev/null in their workaround guidance. For some platforms, where it's not a module ... that mitigation is a no-op:```
$ rmmod algif_aead
rmmod: ERROR: Module algif_aead is builtin.
```
So if there's no kernel patch available yet, you can't use that workaround. Instead, use AppArmor / seccomp / SELinux to block unprivileged AF_ALG socket creation if you can (but don't just turn these hardening layers up if they''re not already in place - they can be tricky)#CopyFail #CVE_2026_31431</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 30-Apr-2026 13:23:55 JSTRoyce Williams
in reply to
- Rich Felker
@dalias generally true, except as written it may silently fail:
https://infosec.exchange/@tychotithonus/116490466168316767
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. No result found on File_thumbnail lookup.
  Royce Williams (@tychotithonus@infosec.exchange)
  from Royce Williams
  The CopyFail folks shouldn't have routed stderr to /dev/null in their workaround guidance. For some platforms, where it's not a module ... that mitigation is a no-op: ``` $ rmmod algif_aead rmmod: ERROR: Module algif_aead is builtin. ``` So if there's no kernel patch available yet, you can't use that workaround. Instead, use AppArmor / seccomp / SELinux to block unprivileged AF_ALG socket creation if you can (but don't just turn these hardening layers up if they''re not already in place - they can be tricky) #CopyFail #CVE_2026_31431

Public

Embed Notice

HTML Code

Corresponding Notice