## Unpatched Kernel Flaw CVE-2026-31431 Exposes NixOS Release-25.11 Servers as Backport Remains Absent
A critical Linux kernel privilege-escalation vulnerability has left a cluster of production NixOS servers exposed while the necessary security patch remains absent from the stable release branch. CVE-2026-31431, dubbed "Copy Fail," targets the AF_ALG AEAD interface and enables any local user to escalate to root using a 732-byte exploit payload. The flaw affects systems running the Linux 6.12 kernel series, specifically versions prior to 6.12.85. All five known affected servers—deployed on CloudCone infrastructure—currently operate on kernel 6.12.84, the last vulnerable release before the upstream fix was issued.

The upstream mitigation, committed as `a664bf3d603d` in the mainline Linux repository under the title "crypto: algif_aead - Revert to operating out-of-place," was incorporated into nixpkgs master on April 30, 2026, through standard stable-bump procedures. However, no corresponding pull request has been opened to backport this fix to the `release-25.11` branch. As a result, running `nix flake update` against the NixOS-25.11 HEAD produces no resolution—the update is effectively a no-op for affected configurations. The absence of a coordinated backport means that declaratively managed deployments pinned to the stable channel cannot receive the fix through standard update workflows.

The NixOS option `boot.blacklistedKernelModules` provides a functional workaround by emitting both a `blacklist algif_aead` directive and an `install algif_aead /run/booted-system/sw/bin/false` rule under `/etc/modprobe.d/`. This approach prevents the vulnerable module from loading at boot without requiring a kernel upgrade. Security teams managing affected CloudCone NixOS deployments are advised to apply this mitigation immediately, pending the formal backport of the CVE-2026-31431 patch to the stable release channel.
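One way to confirm that a given host is actually covered by this workaround, as an added example that is neither the report's nor nixpkgs' own code: it assumes the two modprobe.d lines named above and a `/proc/modules`-style listing, and the sample inputs below are constructed.

```shell
# Added example, not from the report or from nixpkgs: audit a host for
# CVE-2026-31431 exposure and for the boot.blacklistedKernelModules workaround.
# Nix side assumed to match the report: boot.blacklistedKernelModules = [ "algif_aead" ];

# 0 if the kernel is in the affected range (6.12.x with x < 85), else 1.
kernel_is_vulnerable() {
  ver=${1%%-*}                       # drop a "-nixos"/"-cloudcone" style suffix
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}; patch=${rest#*.}
  [ "$patch" = "$rest" ] && patch=0  # "6.12" has no third component
  [ "$major" -eq 6 ] && [ "$minor" -eq 12 ] && [ "$patch" -lt 85 ]
}

# 0 when the modprobe.d text has BOTH lines NixOS emits for a blacklisted module:
# "blacklist <mod>" and "install <mod> .../false". blacklist only makes modprobe
# ignore the module's internal aliases; the install override is what refuses the load.
modprobe_conf_blocks() {
  printf '%s\n' "$1" | grep -Eq "^[[:space:]]*blacklist[[:space:]]+$2([[:space:]]|\$)" &&
  printf '%s\n' "$1" | grep -Eq "^[[:space:]]*install[[:space:]]+$2[[:space:]]+.*false"
}

# 0 when <mod> appears in /proc/modules-style text (first field is the name).
module_loaded() {
  printf '%s\n' "$1" | grep -Eq "^$2[[:space:]]"
}

# Exit status: 0 patched, 1 vulnerable kernel but algif_aead blocked, 2 exposed.
audit_host() {
  kver=$1; conf=$2; mods=$3
  if ! kernel_is_vulnerable "$kver"; then
    echo "kernel $kver: outside the affected range"; return 0
  fi
  if module_loaded "$mods" algif_aead; then
    echo "kernel $kver: algif_aead already loaded; a modprobe rule does not unload it"; return 2
  fi
  if modprobe_conf_blocks "$conf" algif_aead; then
    echo "kernel $kver: vulnerable, algif_aead blocked by modprobe.d"; return 1
  fi
  echo "kernel $kver: EXPOSED, no install/blacklist rule for algif_aead"; return 2
}

# Constructed sample input (not captured from a real host).
SAMPLE_CONF='blacklist algif_aead
install algif_aead /run/booted-system/sw/bin/false'
SAMPLE_MODS='nf_tables 372736 0 - Live 0x0000000000000000
af_alg 32768 0 - Live 0x0000000000000000'

audit_host 6.12.84 "$SAMPLE_CONF" "$SAMPLE_MODS" || true
# Live use: audit_host "$(uname -r)" "$(cat /etc/modprobe.d/*.conf)" "$(cat /proc/modules)"
```

A status of 2 with the module already resident means the rule will only bite after the module is removed or the host is rebooted, so the audit is worth re-running after activation.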

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-31431, kernel-exploit, nixos, linux-kernel, privilege-escalation
- **Credibility**: unverified
- **Published**: 2026-05-02 09:54:06
- **ID**: 78991
- **URL**: https://whisperx.ai/en/intel/78991