Openvz7 and CVE-2026-31431 (Copy Fail) vulnerability [message #53889]
Fri, 01 May 2026 06:25
nathan.brownrice
Hey guys! Has anyone been able to confirm if Openvz7 on the latest kernel is vulnerable to CVE-2026-31431 (Copy Fail)? I'm trying to confirm whether my hosts are actually vulnerable.
Kernel:
3.10.0-1160.119.1.vz7.224.4
Research:
Since Openvz7 is based off RHEL7, which is not vulnerable to this, I think we're in the clear: https://access.redhat.com/security/cve/cve-2026-31431
The code that introduced this bug was added to the Linux kernel in 2017 (commit 72548b093ee3). Because the RHEL 7 kernel (and OpenVZ 7 kernel) is based on the 3.10 branch from 2013, it does not contain the 2017 "performance optimization" that created the security hole introduced in kernel 4.14.
Proof:
algif_aead is not present:
modprobe -n -v algif_aead
modprobe: FATAL: Module algif_aead not found.
af_alg not loaded:
Results in no output.
There are no related modules in /lib/modules and CONFIG_CRYPTO_USER_API_AEAD appears unset.
What have you guys found? Any official Virtuozzo guidance or patched kernel version yet? I'd like a sanity check that we're in the clear before I celebrate.
Thanks,
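The checks from the post above, bundled into one script, as an added example that is not the poster's or Virtuozzo's code. The function names, the absent/loadable/reachable/unknown labels and the /boot/config-$(uname -r) location are assumptions; the result says only whether the algif_aead interface is present on a host, not whether a given kernel carries the bug.

```shell
#!/bin/sh
# Added example: presence checks for the AF_ALG AEAD interface (algif_aead).
# Paths are parameters so the functions can run on constructed input.

# config_state FILE SYMBOL -> prints builtin | module | unset | unknown
config_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(grep -E "^$2=" "$1" | tail -n 1)" in
        "$2=y") echo builtin ;;
        "$2=m") echo module ;;
        *)      echo unset ;;   # "# SYMBOL is not set" or no line at all
    esac
}

# module_loaded PROC_MODULES NAME -> exit 0 if NAME is a loaded module
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# module_on_disk MODDIR NAME -> exit 0 if NAME.ko (or .ko.xz etc.) exists
module_on_disk() {
    [ -d "$1" ] && [ -n "$(find "$1" -name "$2.ko*" 2>/dev/null | head -n 1)" ]
}

# aead_exposure CONFIG PROC_MODULES MODDIR -> prints one label (assumed names)
aead_exposure() {
    state=$(config_state "$1" CONFIG_CRYPTO_USER_API_AEAD)
    if [ "$state" = builtin ] || module_loaded "$2" algif_aead; then
        echo reachable      # interface is in the running kernel
    elif [ "$state" = module ] || module_on_disk "$3" algif_aead; then
        echo loadable       # not loaded now, but modprobe could bring it in
    elif [ "$state" = unknown ]; then
        echo unknown        # no config file to rule out a built-in
    else
        echo absent         # matches the findings reported in the post
    fi
}

# Check the running host only when invoked as: sh script.sh live
if [ "${1:-}" = live ]; then
    rel=$(uname -r)
    aead_exposure "/boot/config-$rel" /proc/modules "/lib/modules/$rel"
fi
```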