# Copy Fail security advisory (CVE-2026-31431)

> Security advisory for the Copy Fail Linux kernel privilege escalation vulnerability affecting Laravel Forge servers.

## Overview

A critical Linux kernel vulnerability, CVE-2026-31431 ("Copy Fail"), was publicly disclosed in April 2026. The flaw is a logic error in the kernel's `authencesn` component that allows an unprivileged local user to escalate their privileges to full root (administrator) access. Ubuntu released a kernel patch for this issue on April 2, 2026.

The vulnerability chains two kernel subsystems — the `AF_ALG` crypto API socket interface and the `splice()` system call — to perform a 4-byte write to the page cache. This can be used to modify the behavior of a setuid binary without requiring a race condition or kernel-specific offsets, making it highly reliable.

<Warning>
  This vulnerability only allows privilege escalation by a user who already has local access to your server. It does not permit remote code execution on its own. However, we strongly recommend applying the patch and rebooting your servers at your earliest convenience.
</Warning>

## What Forge has already done

Because Laravel Forge enables automatic security updates by default, the patched `kmod` package has already been downloaded and installed on servers where this feature is enabled. However, **the fix does not take effect until the server is rebooted**, and Forge does not reboot servers automatically.

## Affected Ubuntu versions

| Ubuntu Version | Status                                                                            |
| -------------- | --------------------------------------------------------------------------------- |
| 24.04 LTS      | Patched — fix available via `kmod` package                                        |
| 22.04 LTS      | Patched — fix has been backported                                                 |
| 20.04 LTS      | Patched — fix has been backported                                                 |
| 18.04 LTS      | **Not patched** — this version has reached end of life and will not receive a fix |

## What you need to do

### Step 1: Check your current kmod version

Before applying the fix, we recommend SSHing into your server and confirming the currently installed `kmod` version:

```bash theme={null}
dpkg -l kmod
```

Make a note of the version displayed so that you can verify the upgrade afterward.

### Step 2: Apply the fix

If automatic security updates are enabled, the patched package is already on your server and you only need to reboot. You can reboot directly from the Forge dashboard by navigating to your server and selecting **Reboot Server** from the server management panel.

<Note>
  If your servers are hosted on AWS, rebooting will allocate a new IP address to the server. You will need to update the IP address in the Forge dashboard after the reboot completes.
</Note>

If automatic security updates are disabled, apply the fix manually via SSH before rebooting:

```bash theme={null}
sudo apt update && sudo apt install --only-upgrade kmod
sudo reboot
```

### Step 3: Verify the fix is active

After the server has rebooted, SSH back in and run `dpkg -l kmod` again to confirm that the installed version is newer than the one recorded in Step 1:

```bash theme={null}
dpkg -l kmod
```

## Temporary mitigation (without rebooting)

If you are unable to reboot immediately, you can disable the vulnerable `algif_aead` kernel module as a temporary measure. This does not affect services such as dm-crypt, LUKS, kTLS, IPsec, or standard OpenSSL/GnuTLS builds.

```bash theme={null}
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
sudo rmmod algif_aead
```

<Warning>
  This is a temporary workaround only. You should still apply the full patch and reboot your server as soon as possible.
</Warning>

To remove the temporary mitigation after rebooting with the patched kernel:

```bash theme={null}
sudo rm /etc/modprobe.d/disable-algif.conf
```
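The following script is an added example, not part of this advisory or of Forge's own tooling. It turns the checks in Steps 1 and 3 and the temporary-mitigation section into two functions that take captured command output (`dpkg -l kmod`, `lsmod`, the modprobe.d file) as arguments, so the logic can be run offline against sample data; the version strings and module listing at the bottom are constructed placeholders.

```bash
#!/bin/sh
# Added example, not part of the Forge advisory or of Forge's own tooling:
# summarise a server's state against the checks in this advisory. Each
# function takes captured command output as an argument, so it can be run
# (and tested) offline against sample data.

# Steps 1 and 3: compare the kmod version installed now (parsed from
# `dpkg -l kmod` output) with the version recorded before the upgrade.
# Prints "not-installed", "unchanged" or "changed".
kmod_state() {
    recorded="$1"; dpkg_out="$2"
    # Only lines whose first field is "ii" describe an installed package;
    # the third field of such a line is the version.
    installed=$(printf '%s\n' "$dpkg_out" | awk '$1 == "ii" && $2 == "kmod" { print $3 }')
    if [ -z "$installed" ]; then
        echo "not-installed"
    elif [ "$installed" = "$recorded" ]; then
        echo "unchanged"
    else
        echo "changed"
    fi
}

# Temporary mitigation: is algif_aead still loaded (from `lsmod` output), and
# does the modprobe.d config carry the "install algif_aead /bin/false" line
# that keeps it from loading again? Prints "loaded", "blocked" or "unblocked".
algif_aead_state() {
    lsmod_out="$1"; modprobe_conf="$2"
    if printf '%s\n' "$lsmod_out" | awk '$1 == "algif_aead" { found = 1 } END { exit !found }'; then
        echo "loaded"
    elif printf '%s\n' "$modprobe_conf" | grep -Eq '^install[[:space:]]+algif_aead[[:space:]]+/bin/false'; then
        echo "blocked"
    else
        echo "unblocked"
    fi
}

# Constructed sample output for a stand-alone run; the version strings are
# placeholders, not real kmod versions.
SAMPLE_DPKG='||/ Name  Version    Architecture Description
+++-=====-==========-============-=================================
ii  kmod  0.0-after  amd64        tools for managing Linux kernel modules'
SAMPLE_LSMOD='algif_aead             16384  0
af_alg                 32768  1 algif_aead'
SAMPLE_CONF='install algif_aead /bin/false'

echo "kmod: $(kmod_state "0.0-before" "$SAMPLE_DPKG")"                    # changed
echo "algif_aead: $(algif_aead_state "$SAMPLE_LSMOD" "$SAMPLE_CONF")"   # loaded
```

On a live server, pass `"$(dpkg -l kmod)"`, `"$(lsmod)"` and `"$(cat /etc/modprobe.d/disable-algif.conf 2>/dev/null)"` instead of the samples; "loaded" with the config present means the `rmmod` step has not yet taken effect.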

## More information

For Ubuntu's official guidance and a complete walkthrough of the fix, see Canonical's announcement at [https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available). For full technical details about the vulnerability itself, visit [https://copy.fail](https://copy.fail).
