Skip to content

waltrone1/copyfail-safe-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
screenshots
screenshots
 
 
README.md
README.md
 
 
copyfail-safe-check.sh
copyfail-safe-check.sh
 
 

Repository files navigation

Copy Fail Safe Check

Read-only Linux safety check for CVE-2026-31431 / Copy Fail.

This tool checks whether the known algif_aead-based Copy Fail attack path appears to be mitigated on a Linux system.

Safety

This script is defensive only.

It does not:

  • run exploit code
  • modify the system
  • download additional payloads
  • attempt privilege escalation

Do not run public exploit code on production systems.

Usage

Clone this repository:

git clone https://github.com/waltrone1/copyfail-safe-check.git
cd copyfail-safe-check
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh

Or download only the script:

curl -O https://raw.githubusercontent.com/waltrone1/copyfail-safe-check/main/copyfail-safe-check.sh
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh

If curl is not available:

wget https://raw.githubusercontent.com/waltrone1/copyfail-safe-check/main/copyfail-safe-check.sh
chmod +x copyfail-safe-check.sh
./copyfail-safe-check.sh

Example results

The script always shows a clear final result at the end of the output.

Critical / action required

Critical result

Protected, but reboot required

Reboot required result

All safe

OK result

Cleanup after the check

The script is read-only and does not change the system.

If you only cloned this repository to run the check, you can remove it afterwards:

cd ~
rm -rf copyfail-safe-check

If you downloaded only the script, you can remove it afterwards:

rm -f ./copyfail-safe-check.sh

This only removes the check tool itself. It does not undo system updates, mitigations or security settings.

How to read the result

If you are not sure what the output means, focus on the final result section at the end of the script output.

All safe

ALL SAFE - NO ACTION REQUIRED
Machine-readable status: OK_MITIGATED

The system appears to be protected against the checked Copy Fail attack path.
No further action is required right now.

Protected, but reboot required

PROTECTED NOW - REBOOT REQUIRED
Machine-readable status: MITIGATED_REBOOT_REQUIRED

The system appears to be protected for now, but a reboot is required so installed kernel or system updates become active.

Recommended action:

sudo reboot

After the reboot, run the check again:

./copyfail-safe-check.sh

Action required

ACTION REQUIRED - MODULE IS LOADED

or:

ACTION REQUIRED - MODULE IS LOADABLE

The system should be reviewed and secured.

Recommended action:

  • update kernel and relevant packages
  • apply vendor-recommended mitigations if needed
  • reboot if required
  • run this check again afterwards

Manual review required

MANUAL REVIEW REQUIRED

The script could not clearly determine the protection status.
Review the full output manually.

References

The following links are provided for background information only.

Do not run public exploit code on production systems.

Disclaimer

This tool is a defensive helper for administrators.

It does not guarantee that a system is fully secure. Always follow your Linux distribution vendor's official security advisories and patch guidance.

Maintainer

Maintained by @waltrone1.

About

A safe read-only Linux check for CVE-2026-31431 / Copy Fail without running exploit code.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages