HVENS Cloud: A Richweb Product Richweb.com ↗ · Helpdesk ↗ · Status ↗ · 804 · 368 · 0421
HVENS
Update

HVENS response to Copy Fail (CVE-2026-31431)

A new Linux kernel local privilege escalation vulnerability, publicly tracked as Copy Fail and assigned CVE-2026-31431, was disclosed earlier this week. The flaw is a logic bug in the kernel's AF_ALG crypto path that lets an unprivileged local user obtain root, and it affects every major Linux distribution shipping kernel 4.14 or newer (so essentially every distro since 2017). This post is a short summary of how HVENS has responded so far, what we have already done on your behalf, and where customers still need to take action themselves.

For technical background on the vulnerability, see Bleeping Computer's writeup or the NVD entry for CVE-2026-31431.

What we have done on core infrastructure

Our first priority was the systems that the entire HVENS platform sits on - hypervisors, storage controllers, the control plane, and the supporting management network in both Ashland and Denton. The vendor-recommended temporary mitigation has been applied to all of those systems. This work is complete and was rolled out using our existing configuration-management automation, which let us deploy the change to every host in parallel rather than touching them one at a time.

Customers should not have seen any service impact from this work. The mitigation is designed to be applied without rebooting, and our automation verified each host before moving on.

Managed customer workloads

For customers whose VMs and equipment we manage under a Richweb managed-services agreement, we have extended the same mitigation to those workloads. The same automation we used internally was reused here, so the rollout to managed customer systems happened on the same day, in the same window. If your environment is fully managed by Richweb, no action is needed on your end - it is already done.

Unmanaged VMs - customer action required

HVENS hosts a large number of VMs that customers operate themselves. We do not have administrative access to the operating systems inside those VMs, which means we cannot apply the Copy Fail mitigation on your behalf without breaking the boundary you've asked us to respect.

If your VMs in HVENS are self-managed, please:

  • Read the official Copy Fail advisory from your operating system or distribution vendor.
  • Determine which of your VMs are affected based on OS version, kernel version, and exposure.
  • Apply the recommended temporary mitigation now, and plan for the upstream patch when it lands in your distro's repos (see below).

If you are not sure whether your environment is managed or self-managed, contact Richweb's helpdesk and we'll confirm in writing. We can also quote managed-services coverage if you'd rather not handle vulnerabilities like this one yourself going forward.

What's next - the long-term patch

The temporary mitigation is exactly that: temporary. The proper, long-term fix has begun landing in upstream package repositories over the last 24 hours. We are now planning the rollout of those patches across our infrastructure and managed customer systems. That work will happen in scheduled maintenance windows so we can sequence reboots and revalidate hosts before bringing them back into rotation. Maintenance announcements will be posted to status.hvens.com in advance, as usual.

For self-managed VMs, please follow your own change-management process to apply the upstream patch when it reaches your distro. We are happy to advise on sequencing if you have questions.

Questions

If you have any questions about HVENS' response, whether your environment is covered, or what action you need to take, contact Richweb's helpdesk or call 804-368-0421. We'll continue to post material updates to this page and to the status site as the long-term patch rollout progresses.

References

Related

← Back to all posts