corporate

English

Domain 'forums.rockylinux.org' uses the non-profit oriented generic top-level domain (.org) with subdomain 'forums'. The registrable portion 'rockylinux' spans 10 characters split between 3 vowels and 7 consonants. Breaking it apart gives 2 words: rocky, linux. Expect five characters per word on average. No strong language cues emerged from the frequency lists.

username

password

redirect

html/ed/58/ed58e0d6-a345-481f-977f-d9251ad2769b.html.gz

upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-dQQn1lBicT6OnC9oSzjPtuRNA' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'

inline; filename="466a470900c3548f9d132d7fe5f424c3a8b12610.js"; filename*=UTF-8''466a470900c3548f9d132d7fe5f424c3a8b12610.js

inline; filename="0b60352e8925daed77fb34069f366865ec43f7fb.js"; filename*=UTF-8''0b60352e8925daed77fb34069f366865ec43f7fb.js

inline; filename="color_definitions_rocky_1_1_01ff0d75854f5cf1601cb50013b308286fb3ac26.css"; filename*=UTF-8''color_definitions_rocky_1_1_01ff0d75854f5cf1601cb50013b308286fb3ac26.css

inline; filename="common_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''common_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="automation_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''automation_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="checklist_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''checklist_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-ai_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-ai_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-cakeday_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-cakeday_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-chat-integration_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-chat-integration_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-details_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-details_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-github_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-github_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-lazy-videos_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-lazy-videos_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-local-dates_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-local-dates_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-narrative-bot_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-narrative-bot_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-policy_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-policy_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-post-voting_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-post-voting_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-presence_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-presence_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-reactions_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-reactions_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-solved_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-solved_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-templates_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-templates_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-topic-voting_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-topic-voting_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="footnote_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''footnote_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="hosted-site_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''hosted-site_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="poll_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''poll_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="spoiler-alert_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''spoiler-alert_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-ai_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-ai_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-reactions_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-reactions_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="poll_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''poll_desktop_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="common_theme_4_90457e7fa7805b62e2c27232dbb65080365e92f6.css"; filename*=UTF-8''common_theme_4_90457e7fa7805b62e2c27232dbb65080365e92f6.css

inline; filename="common_theme_3_138ed3e5b001e498456f863d83b1b47dbea68285.css"; filename*=UTF-8''common_theme_3_138ed3e5b001e498456f863d83b1b47dbea68285.css

inline; filename="common_theme_1_e986a1189630f895726fba80fe35a91fff5b6d08.css"; filename*=UTF-8''common_theme_1_e986a1189630f895726fba80fe35a91fff5b6d08.css

inline; filename="mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-ai_mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-ai_mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="discourse-reactions_mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css"; filename*=UTF-8''discourse-reactions_mobile_8e8a2e72bba9193bd3eced3b9d80311e41c440a6.css

inline; filename="991242.jpeg"; filename*=UTF-8''991242.jpeg

3f9cc6fae128dc5dc2d6bd4192f26f39482408e1f93aa97f93f449fcd938fa85

2b2d18cdd44032082e431015750a67d5921f9393ab3ec4b93c408296912ce188

a7b922e8787e07682fc55636ddbe93c4307c315489def4c7a44d5d46bf814e3c

269f1888fb7b0fcd521c788c1183a7e2b35fb4552bf75f2be1998bd2a10e3af6

7c2a9690b139b8392ab781574adba472f6c8ce60461ead3447069504011b1d30

ee0740e6db2a43af43dff0e25eb5f4c8e00372543596e562816d2ba36bcd5d6c

2484369fffe08d550074db9a2294ea2b00898c80844a264ce0cfbba4e2eda986

fcd33c1a82a92eb7a4be771f398c3c9162409c597630df0cc6c8d034637d6560

615749b2ef9c36e9bfeba467dba2a613c3ad82395a63a9a472b6431980481d3b

207247f5c1a7bff0d87e16dddf1fcc0896605c325f8691b7e51f7e5c96a53a10

379bf0d5e08ac49870659d919154e8152283852711aacb5b44a25710c854ebad

9875751a13a05d2a55f99bc65c83650beda1bf1a9027a79966647d5bddc59b1f

64b60ba57f49d42b6653265aee90bd64b3f804b44807c9443f293d7a9acd7d4a

6d3acad5ad117b3df3999255f6d194d34e401e6c48968cb6a4aa40f7b43c75bf

eb4ab1b8a778e81bd1fe7622076dd0a2287b2f80a5c62adfc22c955eb09a44f4

61e52ddfa6ba5aaa107efc9e372d807d1989761c9f0fb80fcedc16cc203435ba

61d41a3e128dbfe520f3b4e74f39797039d895053b1eb23a610ad95ec9549e56

4a489051e17fa085c35d9f49ab544de38bc34bf3c3dabbf95298c25ef0db39f6

5f912a22692a855f5af73a26a3c15e9055a2db8f3d4b84ef41c13a06c8d86e83

17a16f847620cfee4f54441c92a85ed1b9fada3a13812139bd48639dd5ed477c

82fe20b61d2264d9093c57895c6e7fb0c5924769616e4423daef66708c6d628a

d6677b2dab171d11b77f0b9c791028ee34a49f3f4368abed49514dfe96adf453

1a09cd2f7e18498b8a4e3c25af40721435f7470c3c9d5c31b0770ddc3c4220cf

8e84ee0351cd18d06511a58cf63f2db1638f0e6826b4ed0e52a58140e887651e

9a4e0b7039bf5128f5cb753dd952d61b0a4df3a9093f449aa3fee07cd199f1e1

f4cc79981a4e9471a42844d6e9c82dc7ea5916590558fd101ef66d8009b59257

c1eac288601eefdc7ba92c2e9285e1ccb2e8b499a11679bab52a17b439258a95

d684f86b97aacbb26b1b1cd12119ed56933bdb5f0d202331244d4c8e60516814

1e9812b213ce090c6bf87f015191f6e4b9cb56ba7a9b3f92b21b159d80e1a00b

d3bb05b6a4d0e89111bf23c14a4b1809e32e2709e4e833d2d0a90439b3d63e7b

350619b077eec96d3b7a6c879fd10f0ef5b1ea65f17be2f8a02bb6d2d51f861f

3022ab688d53032fd7140b0e73abd1f521d303e2e6c8e2746d731ec502b89ac0

df9611a93844a904ce88b64874a1d6fc04995abe21172067258ca2d0da5f8a5e

ee4db75a9597c024ce9780992a56df634d346f467aa6bc6d19359ebfb566ff8e

e2dab22d7498729b07c6e506c6aa2b8bdd4e837f3ed882dc02c37c7ee312e695

698e4818074e44e759490a7badcdcfe9f513cf095023d9df3cb1664070b29b6f

17aff0b98cb2d642a4617c9a394475ff90aef023aaff409b724f628ae73a3b70

60a9dc57977d0f95c49b373c51c31cfa3ac79b18834a11c7f6ccc47a276bc331

4f94fb954abb708cc825882deee03e128a731bd9f2424d138d374aabe30fd3c7

26cdb38953f7a69aed7a9ed729395b06aef1b58aaef2bce59aae21a09cc1fc20

fcaed302b86ee79d4652e7a74fade3e30678cc0ecf078632bf76c6d665fb9346

e937c10c5adc3ab47bb1b09e62a01741f293ff63dd47cfe296c77bb0ae042727

be3218372aaa5e9c85df0ddf40c201f609f2a8b348b5a2b17ef1ab0fb41bdcde

daad960855d9b52a73bfd8d1b34c4b6750c0c6285513d67bf9dfa7bd6880ec07

1738e2869376c92f51e53cd14405b0b11bb243e296676ac9933c7315b3fac017

40596760ed8b97eae01512a4526b7246e6e505ceca14db1bcc5ec1ce80aa8e00

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

github.com/theori-io/copy-fail-CVE-2026-31431

Trouble in River City – Rocky Linux 8.5 Rollover Blew Up

Bpf door 악성코드 관련 커널패치 되어있을까요?

Some errata missing in comparison with RHEL and AlmaLinux

Anything being done about NVD - CVE-2026-31431 ?

description

discourse_theme_id

discourse_current_homepage

Discourse 2026.5.0-latest - https://github.com/discourse/discourse version 67a3ce218f8210deccc079353836040922cb00bb

generator

theme-color

color-scheme

width=device-width, initial-scale=1.0, minimum-scale=1.0, viewport-fit=cover, interactive-widget=resizes-content

viewport

fragment

twitter:card

https://us1.discourse-cdn.com/flex020/uploads/rockylinux/original/2X/8/8dcea115acbdf94cde48db7cc9f3c53786815d53.png

twitter:image

https://us1.discourse-cdn.com/flex020/uploads/rockylinux/original/1X/91b7219eec10e30013422e4df76c1d898711a5d5.svg

https://forums.rockylinux.org/t/cve-2026-31431-copy-fail-linux-kernel-crypto-vulnerability/20375

twitter:url

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability - Rocky Linux Help & Support - Rocky Linux Forum

twitter:title

twitter:description

twitter:label1

twitter:data1

twitter:label2

twitter:data2

%7B%22modulePrefix%22%3A%22discourse%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%22%2C%22locationType%22%3A%22history%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3Afalse%7D%2C%22APP%22%3A%7B%22name%22%3A%22discourse%22%2C%22version%22%3A%222026.5.0-latest%2067a3ce218f8210deccc079353836040922cb00bb%22%7D%7D

discourse/config/environment

upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-8gA2CYRLW9c67cw1EWiUbUiMH' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'

Amazon EC2 Abuse

IP Management

Amazon AWS Network Operations

Amazon.com, Inc.

AWS RPKI Management POC

IP Routing

Amazon EC2 Network Operations

AMAZON-CF

Red Hat clearly knows about it already: <a href="https://access.redhat.com/security/cve/cve-2026-31431" class="inline-onebox" rel="noopener nofollow ugc">cve-details</a>

The process is almost always:

Red Hat learns about issue

Red Hat releases a fix for RHEL

Rocky releases the fix (for Rocky)

There is a a temporary fix of disabling the algif_aead kernel module posted on CERT and other sites. This affects most Linux distributions and was proven on RHEL 10.1 kernel release 45. Status from CERT as of 4/29 was that the RHEL fix is unknown status. All other versions of Linux are either not fi&hellip;

hello,

I tried the temporary fix on Rocky 9 but I have this error

<a name="p-59873-h-1" class="anchor" href="#p-59873-h-1" aria-label="Heading link"></a>

# rmmod algif_aead

rmmod: ERROR: Module algif_aead is builtin.

the same fix on an Ubuntu 22.04LTS works

Any advice ?

Roberto

I’ll answer myself:

<a href="https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/30" target="_blank" rel="noopener nofollow ugc">Mitigation doesn&#39;t work on RHEL 9.4</a>

opened 02:57AM - 30 Apr 26 UTC (UTC)

<a href="https://github.com/FrancisTurner" target="_blank" rel="noopener nofollow ugc">

[image]

FrancisTurner

</a>

Using either rmmod or modprobe resu&hellip;

So this is not Zero Day vulnerability ? Its imporant

It is a zero day vulnerability, but the bad guy has to have access to your machine (either local or remote) before he can use it.  It’s not a vulnerability that allows any random schmoe to log into your computer unless he already has a way to do it.  It just allows him to jack up his access level if&hellip;

I added the following line to /etc/default/grub: GRUB_CMDLINE_LINUX=“initcall_blacklist=algif_aead_init”

then did a

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

upon reboot the exploit no longer works. The failure message is: AttributeError: module ‘os’ has no attribute ‘splice’. You would probabl&hellip;

[image] fauxgotten:

upon reboot the exploit no longer works. The failure message is: AttributeError: module ‘os’ has no attribute ‘splice’. You would probably want to revert this change once a patched kernel is released.

If on Rocky 9, that is because of python version is less than 3.10.  The&hellip;

Hello,

<a href="https://github.com/theori-io/copy-fail-CVE-2026-31431/pull/66" target="_blank" rel="noopener nofollow ugc">Update copy_fail_exp.py (#66)</a>

main ← danielino:main

opened 12:02PM - 30 Apr 26 UTC (UTC)

<a href="https://github.com/danielino" target="_blank" rel="noopener nofollow ugc">

[image]

danielino

</a>

&hellip;

Sad to report that using 3.12, it is still exploit is still there when tested with 3.12 rather than the default :cry:. Wonder if the security researcher that said this was a fix also had the same issue?

Hello,

The example is in python, but you can write the same thing in whatever language .. maybe in Ruby or other.

The python script just permit to “easily” show the exploit.

For the time being we just have to wait until the appropriate packages are updated with fixes, eg: new kernel.  As already said by <a class="mention" href="/u/frankcox">@FrankCox</a> the impact probably isn’t that bad considering it requires someone to actually have access to your server with an existing account.

I tried to run this in one of my rocky linux 8.10 container and did not actually su into root. Does it impact to specific Rocky version ( I saw 9) or all ? Does anyone know?

I don’t believe my tests were valid. I see set kernelopts=&quot;root=/dev/mapper/vg-root ro initcall_blacklist=algif_aead_init &quot; in /boot/grub2/grub.cfg, but catting /proc/cmdline does not show the initcall part. Here are the relevant posts:

<a class="lightbox" href="https://us1.discourse-cdn.com/flex020/uploads/rockylinux/original/2X/8/8d8c1e956cfe842e8468358ab3e0a2e60338460c.png" data-download-href="/uploads/short-url/kcbwJhgnEilTO64g3mSDgkZLaiM.png?dl=1" title="image" rel="noopener nofollow ugc">[image]</a>

Hello

It appears that the following setting is present in “/etc/default/grub”:

GRUB_ENABLE_BLSCFG=true

In this case, you can configure and verify the settings using the following methods:

■ All boot entries

grubby --update-kernel=ALL --args=“initcall_blacklist=algif_aead_init”

grubby --info=AL&hellip;

Side note, the exploit throws exec format errors on aarch64 rocky 8.10 latest with no mitigation despite working on the same kernel on x86_64.  I’ve tested Fujitsu A64FX gen 1 (1.5Ghz) and gen 2.0 (2.0Ghz).  I kinda expect this, I’ve run into a number of oddball hardware differences with aarch64 on &hellip;

Yes, the exploit does not run with python3.9. I used podman..

[root@rocky9 ~]# podman run --user 1000:1000 -it  --rm python:3.11 bash

Resolved “python” as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)

Trying to pull <a href="http://docker.io/library/python:3.11" class="inline-onebox" rel="noopener nofollow ugc">Docker Hub Container Image Library | App Containerization</a>…

G&hellip;

[image] iwalker:

For the time being we just have to wait until the appropriate packages are updated with fixes, eg: new kernel. As already said by <a class="mention" href="/u/frankcox">@FrankCox</a> the impact probably isn’t that bad considering it requires someone to actually have access to your server with an existing account.

Plea&hellip;

[image] boegel:

For now, best option seems to be to disable the relevant part of the kernel with a boot argument like initcall_blacklist=algif_aead_init, see also <a href="https://access.redhat.com/security/cve/cve-2026-31431">cve-details</a> .

Unless of course you are using an app or functionality that requires this - at which point you can’t disable it.  Es&hellip;

Anything being done about <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-31431" class="inline-onebox" rel="noopener nofollow ugc">NVD - CVE-2026-31431</a> ?

/* Workaround for https://bugs.webkit.org/show_bug.cgi?id=209261 */

OpenSearch

MetaGenerator

HSTS

CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability - Rocky Linux Help &amp; Support - Rocky Linux Forum

✅ Low Risk - https://forums.rockylinux.org/t/cve-2026-31431-copy-fail-linux-kernel-crypto-vulnerability/20375

Requests	IP Address	Location	AS Autonomous System
31	184.105.99.75	Seattle, Washington, United States	AS394230Civilized Discourse Construction Kit, Inc.
30	104.21.76.209	United States	AS13335Cloudflare, Inc.
30	18.172.112.50	United States	AS16509Amazon.com, Inc.
30	18.245.46.47	United States	AS16509Amazon.com, Inc.
121	4	-	-

Security Scan Report: forums.rockylinux.org

Summary

AI Security Verdict

Low Risk

Risk Factors

Safety Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies3

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History