Skip to main content

Documentation Index

Fetch the complete documentation index at: https://forge.laravel.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

A critical Linux kernel vulnerability, CVE-2026-31431 (“Copy Fail”), was publicly disclosed in April 2026. The flaw is a logic error in the kernel’s authencesn component that allows an unprivileged local user to escalate their privileges to full root (administrator) access. Ubuntu released a kernel patch for this issue on April 2, 2026. The vulnerability chains two kernel subsystems — the AF_ALG crypto API socket interface and the splice() system call — to perform a 4-byte write to the page cache. This can be used to modify the behavior of a setuid binary without requiring a race condition or kernel-specific offsets, making it highly reliable.
This vulnerability only allows privilege escalation by a user who already has local access to your server. It does not permit remote code execution on its own. However, we strongly recommend applying the patch and rebooting your servers at your earliest convenience.

What Forge has already done

Because Laravel Forge enables automatic security updates by default, the patched kmod package has already been downloaded and installed on servers where this feature is enabled. However, the fix does not take effect until the server is rebooted, and Forge does not reboot servers automatically.

Affected Ubuntu versions

Ubuntu VersionStatus
24.04 LTSPatched — fix available via kmod package
22.04 LTSPatched — fix has been backported
20.04 LTSPatched — fix has been backported
18.04 LTSNot patched — this version has reached end of life and will not receive a fix

What you need to do

Step 1: Check your current kmod version

Before applying the fix, we recommend SSHing into your server and confirming the currently installed kmod version: 
dpkg -l kmod
Make a note of the version displayed so that you can verify the upgrade afterward.

Step 2: Apply the fix

If automatic security updates are enabled, the patched package is already on your server and you only need to reboot. You can reboot directly from the Forge dashboard by navigating to your server and selecting Reboot Server from the server management panel.
If your servers are hosted on AWS, rebooting will allocate a new IP address to the server. You will need to update the IP address in the Forge dashboard after the reboot completes.
If automatic security updates are disabled, apply the fix manually via SSH before rebooting: 
sudo apt update && sudo apt install --only-upgrade kmod
sudo reboot

Step 3: Verify the fix is active

After the server has rebooted, SSH back in and run dpkg -l kmod again to confirm that the installed version is newer than the one recorded in Step 1: 
dpkg -l kmod

Temporary mitigation (without rebooting)

If you are unable to reboot immediately, you can disable the vulnerable algif_aead kernel module as a temporary measure. This does not affect services such as dm-crypt, LUKS, kTLS, IPsec, or standard OpenSSL/GnuTLS builds. 
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
sudo rmmod algif_aead
This is a temporary workaround only. You should still apply the full patch and reboot your server as soon as possible.
To remove the temporary mitigation after rebooting with the patched kernel: 
sudo rm /etc/modprobe.d/disable-algif.conf

More information

For Ubuntu’s official guidance and a complete walkthrough of the fix, see Canonical’s announcement at https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available. For full technical details about the vulnerability itself, visit https://copy.fail.