Overview

A critical Linux kernel vulnerability, CVE-2026-31431 (“Copy Fail”), was publicly disclosed in April 2026. The flaw is a logic error in the kernel’s authencesn component that allows an unprivileged local user to escalate their privileges to full root (administrator) access. Ubuntu released a kernel patch for this issue on April 2, 2026. The vulnerability chains two kernel subsystems — the AF_ALG crypto API socket interface and the splice() system call — to perform a 4-byte write to the page cache. This can be used to modify the behavior of a setuid binary without requiring a race condition or kernel-specific offsets, making it highly reliable.
This vulnerability only allows privilege escalation by a user who already has local access to your server. It does not permit remote code execution on its own. However, we strongly recommend applying the patch and rebooting your servers at your earliest convenience.

What Forge has already done

Because Laravel Forge enables automatic security updates by default, the kernel patch has already been downloaded and installed on servers where this feature is enabled. However, kernel patches do not take effect until the server is rebooted, and Forge does not reboot servers automatically.

Affected Ubuntu versions

| Ubuntu Version | Status |
| --- | --- |
| 24.04 LTS | Patched — requires kernel 6.8.0-107.107 or above |
| 22.04 LTS | Patched — patch has been backported |
| 20.04 LTS | Patched — patch has been backported |
| 18.04 LTS | Not patched — this version has reached end of life and will not receive a fix |

What you need to do

If automatic security updates are enabled

The patch is already installed on your server. You simply need to reboot to activate it. You can reboot your server directly from the Forge dashboard by navigating to your server, then selecting Reboot Server from the server management panel.
If your servers are hosted on AWS, rebooting will allocate a new IP address to the server. You will need to update the IP address in the Forge dashboard after the reboot completes.

If automatic security updates are disabled

You will need to apply the patch manually via SSH before rebooting:
sudo apt-get update
sudo apt-get upgrade
sudo reboot

Verifying the patch is active

After rebooting, you can confirm the running kernel version by SSHing into your server and running:
uname -r
On Ubuntu 24.04, the output should show version 6.8.0-107.107 or higher. On Ubuntu 20.04 and 22.04, confirm the date of the kernel package is April 2, 2026 or later:
dpkg -l linux-image-$(uname -r)

Temporary mitigation (without rebooting)

If you are unable to reboot immediately, you can disable the vulnerable algif_aead kernel module as a temporary measure. This does not affect services such as dm-crypt, LUKS, kTLS, IPsec, or standard OpenSSL/GnuTLS builds.
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
sudo rmmod algif_aead
This is a temporary workaround only. You should still apply the full patch and reboot your server as soon as possible.
To remove the temporary mitigation after rebooting with the patched kernel:
sudo rm /etc/modprobe.d/disable-algif.conf
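
The verification and temporary-mitigation steps above can be checked together with a small script. This is an added example, not part of Forge's tooling; the function names are hypothetical, and it assumes the Ubuntu form of `uname -r` output (for example `6.8.0-107-generic`) and the rule file content shown above.

```shell
#!/bin/sh
# Added example (not Forge's own tooling). Function names are hypothetical.
# The 6.8.0 series and ABI 107 come from the Ubuntu 24.04 entry on this page.
FIXED_SERIES="6.8.0"
FIXED_ABI=107

# kernel_status RELEASE -> fixed | not-fixed | unknown
# RELEASE is a `uname -r` string; on Ubuntu it looks like 6.8.0-107-generic.
# Any other series prints "unknown": the page gives a version floor for
# 24.04 only, so 20.04/22.04 still need the dpkg check.
kernel_status() {
    awk -v rel="$1" -v series="$FIXED_SERIES" -v abi="$FIXED_ABI" 'BEGIN {
        split(rel, f, "-")
        if (f[1] != series || f[2] !~ /^[0-9]+$/) { print "unknown"; exit }
        print ((f[2] + 0 >= abi + 0) ? "fixed" : "not-fixed")
    }'
}

# mitigation_state MODPROBE_DIR PROC_MODULES -> blocked | rule-only | unmitigated
#   blocked      install rule present and algif_aead is not loaded
#   rule-only    rule present but the module is still loaded (rmmod not done)
#   unmitigated  no rule; even if unloaded, the module can be loaded on demand
mitigation_state() {
    ms_rule=no
    ms_loaded=no
    grep -qsE '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/false' \
        "$1"/*.conf && ms_rule=yes
    grep -qs '^algif_aead ' "$2" && ms_loaded=yes
    if [ "$ms_rule" = no ]; then
        echo "unmitigated"
    elif [ "$ms_loaded" = yes ]; then
        echo "rule-only"
    else
        echo "blocked"
    fi
}

# Report on the live system (read-only; no root required).
echo "running kernel: $(kernel_status "$(uname -r)")"
echo "algif_aead:     $(mitigation_state /etc/modprobe.d /proc/modules)"
```

A result of `not-fixed` right after installing updates usually means the server has not been rebooted into the new kernel yet.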

More information

For full technical details about this vulnerability, visit https://copy.fail.