Dear HTCondor Community,
A critical local privilege escalation vulnerability (CVE-2026-31431), known as “Copy Fail,” has been identified in the Linux kernel. This issue allows an unprivileged local user to gain root privileges due to a logic flaw in the kernel crypto API. Public proof-of-concept (PoC) exploit code is available and demonstrates reliable exploitation across multiple Linux distributions.
## IMPACTED VERSIONS:
Linux kernels built between 2017 and the upstream patch (April 2026) are affected. This includes most mainstream distributions unless updated with vendor-provided fixes.
## WHAT ARE THE VULNERABILITIES:
“Copy Fail” is a logic flaw in the Linux kernel’s algif_aead implementation (AF_ALG interface), which can be exploited using splice() to overwrite page cache contents of privileged binaries.
The vulnerability allows local privilege escalation from an unprivileged user to root, without race conditions or kernel-specific offsets.
Exploitation requires the ability to run arbitrary code on the targeted system (e.g. login access to an Access Point or running an HTCondor job on an Execution Point).
## WHAT YOU SHOULD DO:
Update the system kernel to a version that includes the fix for CVE-2026-31431 (mainline commit a664bf3d603d or distribution-provided equivalent).
If patches are not yet available, disable the vulnerable algif_aead functionality:
* On Debian-based systems, unload and blacklist the algif_aead module.
* On RHEL-based systems, disable it via the kernel parameter initcall_blacklist=algif_aead_init and reboot.
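
To confirm which of these mitigations is actually in effect on a host, the following audit script is an added example (not part of the original advisory or of HTCondor). The function names, the status labels and the optional path arguments are assumptions of this example; with no arguments it reads `/proc/cmdline`, `/proc/modules` and `/etc/modprobe.d`.

```sh
#!/bin/sh
# Added example: audit the algif_aead mitigations named in this advisory.
# The path arguments are an assumption of this example (so it can be pointed
# at constructed files); with no arguments it inspects the live system.

# Prints one of: disabled-at-boot, loaded, blacklisted, unmitigated
algif_aead_status() {
    cmdline_file=${1:-/proc/cmdline}
    modules_file=${2:-/proc/modules}
    modprobe_dir=${3:-/etc/modprobe.d}

    # RHEL-style mitigation. initcall_blacklist= takes a comma-separated list.
    if tr ' ' '\n' < "$cmdline_file" |
        grep -Eq '^initcall_blacklist=([^,]*,)*algif_aead_init(,|$)'; then
        echo disabled-at-boot; return 0
    fi

    # A module that is still loaded has not been unloaded, whatever the
    # blacklist says, so report that before looking at modprobe.d.
    if grep -q '^algif_aead ' "$modules_file"; then
        echo loaded; return 0
    fi

    # Debian-style mitigation: a "blacklist algif_aead" line in modprobe.d.
    if grep -Eqs '^[[:space:]]*blacklist[[:space:]]+algif_aead([[:space:]]|$)' \
        "$modprobe_dir"/*.conf; then
        echo blacklisted; return 0
    fi

    echo unmitigated
}

# Build a constructed sample host (not taken from a real system):
#   $1 = kernel command line, $2 = /proc/modules line, $3 = modprobe.d line
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/modprobe.d"
    printf '%s\n' "$1" > "$d/cmdline"
    printf '%s\n' "$2" > "$d/modules"
    if [ -n "$3" ]; then
        printf '%s\n' "$3" > "$d/modprobe.d/copyfail.conf"
    fi
    echo "$d"
}

s=$(make_sample 'ro quiet' 'algif_aead 16384 0 - Live 0x0' 'blacklist algif_aead')
echo "sample host: $(algif_aead_status "$s/cmdline" "$s/modules" "$s/modprobe.d")"
rm -rf "$s"
```

A result of `loaded` on a host that already has a blacklist entry means the module still needs to be unloaded.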
As a temporary risk-reduction measure, consider limiting or disabling SSH access for unprivileged users on your Access Points until mitigations or patches are applied.
You can also stop all jobs running in your HTCondor pool by running the following two commands as root on the Central Manager:
* condor_vacate -all -fast
* condor_off -subsystem negotiator
## REFERENCES:
Please let us know (at htcondor-security@xxxxxxxxxxx) if you have any questions.
Thank you.