Hello everyone.
I am cross-posting this from my LinkedIn. This is primarily intended for anyone running AlmaLinux in their environment, but the content provided can be modified to be used for additional distributions:
Late last week, many of you likely heard quite a bit about CVE-2026-31431, a Linux kernel vulnerability known more colloquially as "CopyFail". If not, you can read up more about it on NVD, where it is given a High Severity Score:
Xint also has a good writeup about it, including a PoC for the bug, which allows an attacker to fairly trivially achieve root on a vulnerable system.
AlmaLinux has already tested and pushed out patches this weekend.
I took the opportunity over the weekend to create some BigFix content that will identify which AlmaLinux systems are vulnerable. (At this point, if you have not yet patched in the last few days, you are likely vulnerable.)
The content includes:
- A BigFix Task that collects the kernel version and uses sed to provide some text transformation to remove extraneous text.
- A BigFix Analysis to ingest the results of the above Task.
- A Gemini-enhanced web report to display the findings in Web Reports.
This content is available at my personal GitHub here:
Please note the usual disclaimers: This is not official BigFix content and although I have tested it in my homelab, I make no guarantees about this content. That being said, feel free to modify and redistribute as you see fit.
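
Added example, not part of the original post or of the linked BigFix content: a shell sketch of the kind of check described above, which trims a `uname -r` string with sed and compares it against a patched build using a version-aware sort. The function names, the sample kernel strings and the `FIXED_BUILD` value are constructed placeholders; take the real fixed build from the AlmaLinux erratum for your release.

```shell
#!/usr/bin/env bash
# Placeholder baseline (constructed, NOT the real fixed build for the CVE).
# Baselines differ per EL major release, so keep one value per release.
FIXED_BUILD="5.14.0-503.11.1"

# Strip the ".elN[_M].arch" suffix that uname -r appends,
# e.g. 5.14.0-503.11.1.el9_5.x86_64 -> 5.14.0-503.11.1
normalize_kernel() {
    printf '%s\n' "$1" | sed -E 's/\.el[0-9]+.*$//'
}

# EL major release embedded in the string (9 for ".el9_5"); empty if absent.
el_major() {
    printf '%s\n' "$1" | sed -nE 's/.*\.el([0-9]+).*/\1/p'
}

# True when build $1 sorts strictly below build $2. sort -V compares the
# numeric fields as numbers, so 70 < 503 (a plain string compare gets
# this wrong).
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# classify <uname -r string> <fixed build>
classify() {
    local running
    running=$(normalize_kernel "$1")
    # A kernel without an .elN tag is not a distribution build, so the
    # distribution baseline says nothing about it.
    if [ -z "$(el_major "$1")" ]; then echo "UNKNOWN"; return; fi
    if is_older "$running" "$2"; then echo "VULNERABLE"; else echo "PATCHED"; fi
}

# Constructed sample strings; on a real host pass "$(uname -r)" instead.
for k in 5.14.0-70.13.1.el9_0.x86_64 5.14.0-570.12.1.el9_6.x86_64 6.8.0-custom; do
    printf '%-34s %s\n' "$k" "$(classify "$k" "$FIXED_BUILD")"
done
```

`uname -r` reports the running kernel, so a host that has installed the patched package but has not rebooted still shows the old build here.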