What’s the status of CopyFail patches in shared hosts?

Hi there,

Good question and yes, you do need to act on this one yourself.

Copy Fail (CVE-2026-31431) is a local privilege escalation flaw in the Linux kernel’s algif_aead module. It lets an unprivileged local user trigger a controlled 4-byte write into the page cache of any readable file, which can be used to get root. A single 732-byte Python script can exploit it without modification across different Linux distributions.

On DigitalOcean, each Droplet runs on its own VM with a dedicated kernel, so this is not a shared-kernel situation. That means DigitalOcean patching their hypervisor layer does not protect you. Your Droplet’s kernel is your responsibility.

The good news is patches are out. Ubuntu has released mitigations which disable the affected kernel module, and kernel packages implementing the full patch are available. If you are on Ubuntu, run:

sudo apt update && sudo apt upgrade
sudo reboot

Ubuntu 26.04 (Resolute Raccoon) and later are not affected. If you are on 22.04 or 24.04, patch now.

One thing worth knowing: the common modprobe-based workaround circulating online, adding install algif_aead /bin/false to modprobe.d, does not work on distributions where algif_aead is built into the kernel. The commands run without error but leave the system unchanged, giving a false sense of protection. Just apply the kernel update and reboot.