“Copy Fail” Linux Privilege Escalation

Wednesday, April 29, 2026

Information and Technology Services (ITS) is responding to a newly disclosed Linux kernel vulnerability known as “Copy Fail” (CVE-2026-31431).

Summary

"Copy Fail" allows unauthorized users to quickly gain full administrative (root) control of a system, which presents critical security risks to MiServer, ARC HPC clusters, and the university’s shared computing environments. In response, ITS has initiated emergency mitigations and will continue to work on solutions overnight. Systems may reboot or be offline as mitigation is performed into Thursday, April 30.

Affected Systems

Non-ITS-managed Linux systems, MiServer, Web Hosting, ITS Container Service. For more information, see ITS Service Status (U-M login required).

Action Items

Anyone who runs or administers Linux systems must take action immediately. One mitigation is adding "initcall_blacklist=algif_aead_init" to the kernel boot options. Admins must reboot their systems for it to fully take effect.

How We Protect U-M

ITS is performing emergency mitigations in the university's MiServer, ARC HPC clusters, and shared computing environments.

Questions, Concerns, Reports

Contact the ITS Service Center for more information or to report additional impacts.