Welcome
|
FAQ
|
Downloads
|
Wiki
Tiny Core Linux
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News:
Raspberry Pi port,
piCore-16.0
is available!
Home
Help
Login
Register
Tiny Core Linux
»
Tiny Core Base
»
TCB Bugs
»
TC17 vulnerable to copy.fail (CVE-2026-31431)
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: TC17 vulnerable to copy.fail (CVE-2026-31431) (Read 58 times)
adb014
Newbie
Posts: 31
TC17 vulnerable to copy.fail (CVE-2026-31431)
«
on:
Today
at 03:59:38 AM »
For information the kernel config of TC17 includes
CONFIG_CRYPTO_USER_API_AEAD=y
and so the kernel of of TC17 is vulnerable to copy.fail and blacklisting the modprobe of algif_aeqd as suggested in some remediation guides is not possible. The easiest fix for this would be to recompile the kernel with
CONFIG_CRYPTO_USER_API_AEAD=n
though a better fix would be to update the kernel to 6.18.22 or later, or backporting the kernel patch for 6.18.22 (
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
)
Logged
Juanito
Administrator
Hero Member
Posts: 15565
Re: TC17 vulnerable to copy.fail (CVE-2026-31431)
«
Reply #1 on:
Today
at 04:37:00 AM »
Does this boot code disable the module?
Code:
[Select]
initcall_blacklist=algif_aead_init
Logged
adb014
Newbie
Posts: 31
Re: TC17 vulnerable to copy.fail (CVE-2026-31431)
«
Reply #2 on:
Today
at 04:57:45 AM »
According to
https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
yes this will block the attack
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
Tiny Core Linux
»
Tiny Core Base
»
TCB Bugs
»
TC17 vulnerable to copy.fail (CVE-2026-31431)
Welcome
FAQ
Downloads
Wiki
