New Linux Vulnerability question

Hi all,

As per the title, does the “Copy Fail” vulnerability affect the IPFire kernel as well: The most severe Linux threat to surface in years catches the world flat-footed - Ars Technica

The article mentions that the vulnerability is patched in kernel version 6.18.12.

While ls /boot shows:

[root@ipfire ~]# ls /boot/

initramfs-6.18.7-ipfire.img

I think the kernel is earlier than 6.18.12

@topphemlig Ooops, my most humble apologies, I will honestly say I did not read the whole thing, that is my bad. Thank you for pointing that out for me.

Sorry, IMHO CVE-2026-31431 is NOT solved in IPFire CU201.

Is there a suggested mitigation, e.g. disabling the module algif_aead?

A kernel version with the fix will be available in CU 202.

However, bear in mind that it is a local privilege escalation (LPE) vulnerability.

i.e. you have to have created a non-root user and you have to have given someone else access to your physical IPFire console or SSH access. In that case that user could use the vulnerability to escalate their privilege to root.

The default console user for IPFire is root, so there would normally not be a non-root login user. If you have an attacker with local access or SSH access and they are successful in entering a default IPFire, then they are logged in as root anyway, so no need to have any LPE.

Even if a non-root user has been created by the admin, then most of them will not give general access to the IPFire console, either physically or via SSH.

The vulnerability is a real issue but for servers that are used for remote access by multiple non-root users. So for example if you have a server that users log in to for reporting, say, their expenses. Then if one of those users was an attacker they could escalate their privilege to root and then do anything they wanted on that server.

In terms of IPFire, don’t create lots of non-root users and then hand them out to anybody who asks and don’t give them ssh access to your IPFire.
Keep access to your IPFire console or ssh to your admin and their deputy at the max and make sure both of those people are trustworthy, because they will have root access to your IPFire without any LPE.
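
A read-only check of the points raised in this thread, as an added example that is not from any poster or from the IPFire project. It compares a kernel release string with 6.18.12 (the fixed version quoted in the first post, so only the 6.18 series is judged), lists non-root accounts that have a login shell, and reports whether algif_aead, the module asked about above, is loaded. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. FIXED_VERSION is the release quoted in the thread's first
# post; fixed versions for other kernel series are not stated there.
FIXED_VERSION="6.18.12"

# kernel_status RELEASE -> prints older | fixed-or-newer | unknown
kernel_status() {
    ver=${1%%-*}                       # drop a suffix such as "-ipfire"
    case $ver in
        6.18.*) ;;
        *) echo unknown; return ;;     # other series: the thread gives no data
    esac
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$ver" != "$FIXED_VERSION" ] && [ "$lowest" = "$ver" ]; then
        echo older
    else
        echo fixed-or-newer
    fi
}

# Reads passwd-format lines on stdin and prints non-root accounts whose
# shell is not nologin/false. An empty shell field counts as a login shell.
# Locked passwords (/etc/shadow) and SSH settings are not examined here.
login_capable_users() {
    awk -F: '$3 != 0 && $7 !~ /\/(nologin|false)$/ {print $1}'
}

# Reads /proc/modules-format lines on stdin; succeeds if module $1 is listed.
# Code built into the kernel image never appears in that list.
module_loaded() {
    grep -q "^$1 "
}

report() {
    kver=${1:-$(uname -r)}
    echo "kernel $kver vs $FIXED_VERSION: $(kernel_status "$kver")"
    users=$(login_capable_users < /etc/passwd)
    echo "non-root accounts with a login shell: ${users:-none}"
    if [ -r /proc/modules ] && module_loaded algif_aead < /proc/modules; then
        echo "algif_aead: loaded"
    else
        echo "algif_aead: not listed in /proc/modules"
    fi
}

report "$(uname -r)"
```

An account listed here is only a candidate for local access; whether it can actually reach the console or SSH depends on its password state and the SSH configuration.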