UTHPC - Possible temporary service interruptions due to Critical Linux Kernel Vulnerability (CVE-2026-31431) – Intsidentide üksikasjad

Kõik teenused on töökorras!

Possible temporary service interruptions due to Critical Linux Kernel Vulnerability (CVE-2026-31431)

Lahendatud
Suure mõjuga katkestus
Algas 2 kuu eestKestis umbes 7 tundi

Mõjutatud

rocket.hpc.ut.ee

Töökorras alates 6:45 AM kuni 1:48 PM

kubernetes.hpc.ut.ee

Töökorras alates 6:45 AM kuni 1:48 PM

minu.etais.ee

Töökorras alates 6:45 AM kuni 1:48 PM

UT HPC webservices

Töökorras alates 6:45 AM kuni 1:48 PM

hpc.ut.ee

Töökorras alates 6:45 AM kuni 1:48 PM

docs.hpc.ut.ee

Töökorras alates 6:45 AM kuni 1:48 PM

Värskendused
  • Lahendatud
    Lahendatud

    We have applied mitigation measures for the Critical Linux Kernel Vulnerability (CVE-2026-31431) across all affected services. The incident is resolved. 

    However, the virtual machine managers are still required to apply the patches following the guides published here: https://docs.hpc.ut.ee/public/cve-2026-31431/

    You are welcome to contact support for additional information: support@hpc.ut.ee

    Best, 

    UT HPC Center

  • Uuendus
    Uuendus

    We have created a documentation for CVE-2026-31431 mitigation: https://docs.hpc.ut.ee/public/cve-2026-31431/
    This is primarily useful for UT Cloud virtual machine managers. We'll keep updating the document with the best approaches as we learn more.

  • Uuendus
    Uuendus

    We are providing an update on the mitigation for the Critical Linux Kernel Vulnerability (CVE-2026-31431).

    We have learned that the mitigation described in CVE-2026-31431 is not effective on all Linux-based instances. Specifically, machines running RHEL or SUSE operating systems are currently not supported.  As the respective OS providers have not yet released the required patches, we are recommending the following steps: 

    python3 -c "
    import socket, sys
    try:
        s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
        s.bind(('aead', 'authencesn(hmac(sha256),cbc(aes))'))
        print('VULNERABLE -  continue with next steps')
        sys.exit(1)
    except OSError as e:
        print('Not vulnerable:', e)
        sys.exit(0)
    "


    2. Add a kernel parameter of initcall_blacklist=algif_aead_init to /etc/default/grub:

    sed -i "s|^\(GRUB_CMDLINE_LINUX=\".*\)\"\s*$|\1 initcall_blacklist=algif_aead_init\"|" /etc/default/grub


    3. Check the result:

    grep GRUB_CMDLINE_LINUX /etc/default/grub
    
    # The line needs to end with initcall_blacklist=algif_aead_init", for example
    GRUB_CMDLINE_LINUX="... initcall_blacklist=algif_aead_init"
    
    Fix manually if necessary


    4. Update GRUB configuration:

    grub2-mkconfig -o /boot/grub2/grub.cfg


    5. Reboot the machine:

    reboot -h now


    6. Check again with the first script

    For instance, running Debian or Ubuntu, mitigation can be applied by installing the latest available kernel version and rebooting the machine. 

  • Tuvastatud
    Tuvastatud

    Due to the recently disclosed “Copy Fail” (CVE-2026-31431) Linux kernel vulnerability, our system administrators are actively applying mitigation measures and updates across all Tartu University HPC Center systems today.

    As a result, you may experience temporary interruptions or reduced service availability while this work is in progress. All UT HPC services are affected. At this time, the work is expected to be completed today; however, we will provide further updates if the situation extends beyond today.continuing to work on a fix for this incident.

    Users running their own Linux virtual machines are advised to apply the recommended patches on their systems by following the instructions provided in the “Mitigation” section of the CVE-2026-31431 advisory.

    Thank you for your understanding.