UTHPC - Possible temporary service interruptions due to Critical Linux Kernel Vulnerability (CVE-2026-31431) – Incident details

Possible temporary service interruptions due to Critical Linux Kernel Vulnerability (CVE-2026-31431)

Resolved
Major outage
Started 2 months agoLasted about 7 hours

Affected

rocket.hpc.ut.ee

Operational from 6:45 AM to 1:48 PM

kubernetes.hpc.ut.ee

Operational from 6:45 AM to 1:48 PM

minu.etais.ee

Operational from 6:45 AM to 1:48 PM

UT HPC webservices

Operational from 6:45 AM to 1:48 PM

hpc.ut.ee

Operational from 6:45 AM to 1:48 PM

docs.hpc.ut.ee

Operational from 6:45 AM to 1:48 PM

Updates
  • Resolved
    Resolved

    We have applied mitigation measures for the Critical Linux Kernel Vulnerability (CVE-2026-31431) across all affected services. The incident is resolved. 

    However, the virtual machine managers are still required to apply the patches following the guides published here: https://docs.hpc.ut.ee/public/cve-2026-31431/

    You are welcome to contact support for additional information: support@hpc.ut.ee

    Best, 

    UT HPC Center

  • Update
    Update

    We have created a documentation for CVE-2026-31431 mitigation: https://docs.hpc.ut.ee/public/cve-2026-31431/
    This is primarily useful for UT Cloud virtual machine managers. We'll keep updating the document with the best approaches as we learn more.

  • Update
    Update

    We are providing an update on the mitigation for the Critical Linux Kernel Vulnerability (CVE-2026-31431).

    We have learned that the mitigation described in CVE-2026-31431 is not effective on all Linux-based instances. Specifically, machines running RHEL or SUSE operating systems are currently not supported.  As the respective OS providers have not yet released the required patches, we are recommending the following steps: 

    python3 -c "
    import socket, sys
    try:
        s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
        s.bind(('aead', 'authencesn(hmac(sha256),cbc(aes))'))
        print('VULNERABLE -  continue with next steps')
        sys.exit(1)
    except OSError as e:
        print('Not vulnerable:', e)
        sys.exit(0)
    "


    2. Add a kernel parameter of initcall_blacklist=algif_aead_init to /etc/default/grub:

    sed -i "s|^\(GRUB_CMDLINE_LINUX=\".*\)\"\s*$|\1 initcall_blacklist=algif_aead_init\"|" /etc/default/grub


    3. Check the result:

    grep GRUB_CMDLINE_LINUX /etc/default/grub
    
    # The line needs to end with initcall_blacklist=algif_aead_init", for example
    GRUB_CMDLINE_LINUX="... initcall_blacklist=algif_aead_init"
    
    Fix manually if necessary


    4. Update GRUB configuration:

    grub2-mkconfig -o /boot/grub2/grub.cfg


    5. Reboot the machine:

    reboot -h now


    6. Check again with the first script

    For instance, running Debian or Ubuntu, mitigation can be applied by installing the latest available kernel version and rebooting the machine. 

  • Identified
    Identified

    Due to the recently disclosed “Copy Fail” (CVE-2026-31431) Linux kernel vulnerability, our system administrators are actively applying mitigation measures and updates across all Tartu University HPC Center systems today.

    As a result, you may experience temporary interruptions or reduced service availability while this work is in progress. All UT HPC services are affected. At this time, the work is expected to be completed today; however, we will provide further updates if the situation extends beyond today.continuing to work on a fix for this incident.

    Users running their own Linux virtual machines are advised to apply the recommended patches on their systems by following the instructions provided in the “Mitigation” section of the CVE-2026-31431 advisory.

    Thank you for your understanding.