This workaround only applies to kernels with the impacted code compiled as a module. RHEL, Fedora, a...

jayofdoom • yesterday at 6:07 PM • 3 replies • view on HN

This workaround only applies to kernels with the impacted code compiled as a module. RHEL, Fedora, and Gentoo (we use a modified Fedora config) all are configured to build this in directly. Without a patch or config change (as Sam from Gentoo was alluding to), those distributions remain vulnerable.

Replies

jcul • yesterday at 6:26 PM

There was some discussion on the GitHub issues about workarounds to disable it, even though it is baked in.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues...

pitrdevries • yesterday at 6:41 PM

This worked as a mitigation on distros with the module compiled into the kernel: https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464d...

Basically: sudo grubby --update-kernel=ALL --args=initcall_blacklist=algif_aead_init

sudo reboot

akdev1l • yesterday at 8:16 PM

F44 is safe as the kernel is greater than 6.18.22

alt Hacker News

Replies