A Linux kernel vulnerability, publicly identified as CVE-2026-31431 and commonly referred to as “Copy Fail,” has been reported.
This article explains its impact on VMware Avi Load Balancer.
Avi Load Balancer Controller and Service Engine
CVE-2026-31431 is a bug in the Linux kernel. Avi Load Balancer is a hardened virtual appliance built on top of Ubuntu, and is therefore subject to this vulnerability at the operating system layer.
The vulnerability is caused by a logic flaw in the algif_aead kernel module, part of AF_ALG (the userspace crypto API) in the Linux kernel's cryptographic subsystem. Because of an improper memory handling optimization introduced in 2017, an attacker can corrupt the in-memory cache of privileged binaries (such as setuid binaries) without altering the physical file on disk, and thereby gain root privileges.
Successful exploitation requires both network access and authenticated access to the system.
Avi Load Balancer does not use the vulnerable kernel interface in any default code path — it relies on standard OpenSSL cryptography, and the SSL engine loader is disabled by default. There is no built-in trigger for this vulnerability inside the Avi Load Balancer product itself.
The Avi Load Balancer Security team is actively working to include the kernel fix in all upcoming Avi releases. Once Ubuntu publishes the patched kernel version, it will be validated and shipped as part of the next scheduled updates.
Note: The fix for this CVE cannot be delivered via an Avi patch. The fix can be delivered via a maintenance release.
This article will be updated with any released versions that ship the fixed kernel.
Mitigation:
To reduce immediate exposure, the algif_aead kernel module can be disabled. Run the following commands on the Avi Controller and Service Engine nodes:
# Creates a modprobe policy that prevents algif_aead from loading automatically on future reboots.
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# Immediately unloads the module from the running kernel. If the module is not currently loaded, the command exits silently without error.
rmmod algif_aead 2>/dev/null || true
Reboot each node (Controller/SE) on which the algif_aead kernel module was disabled using the instructions above. After the reboot, verify that the algif_aead kernel module is disabled or unloaded, as shown below:
~# cat /etc/modprobe.d/disable-algif.conf
install algif_aead /bin/false
~$ lsmod | grep -i algif_aead
<Does not list the module>
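An added example, not part of the original article or of any Avi tooling: a shell function that checks both conditions from the verification step above (the install rule is present under modprobe.d, and the module is absent from the running kernel) and reports which one failed. The function name, its two path arguments and the fixture data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one node for the algif_aead workaround.
# Return code: 0 = mitigated, 1 = install rule missing,
#              2 = module still loaded, 3 = both.
# Arguments (assumptions, for testability): modprobe.d dir, /proc/modules path.
check_algif_mitigation() {
    conf_dir="${1:-/etc/modprobe.d}"
    proc_modules="${2:-/proc/modules}"
    rc=0
    # modprobe treats '-' and '_' in module names as equivalent, so accept both.
    rule='^[[:space:]]*install[[:space:]]+algif[_-]aead[[:space:]]+/bin/false[[:space:]]*$'
    if ! grep -Eqs "$rule" "$conf_dir"/*.conf; then
        echo "FAIL: no 'install algif_aead /bin/false' rule under $conf_dir"
        rc=$((rc + 1))
    fi
    # The first field of each /proc/modules line is the loaded module's name;
    # an exact match avoids false hits on the dependency column of other modules.
    if awk '$1 == "algif_aead" { hit = 1 } END { exit !hit }' "$proc_modules"; then
        echo "FAIL: algif_aead is loaded in the running kernel"
        rc=$((rc + 2))
    fi
    [ "$rc" -eq 0 ] && echo "OK: rule present and module not loaded"
    return "$rc"
}

# Constructed fixtures (not real node data): one mitigated, one unmitigated node.
make_fixture() {
    dir=$(mktemp -d)
    mkdir "$dir/modprobe.d"
    if [ "$1" = "mitigated" ]; then
        echo "install algif_aead /bin/false" > "$dir/modprobe.d/disable-algif.conf"
        echo "af_alg 32768 0 - Live 0x0000000000000000" > "$dir/modules"
    else
        # Rule commented out and module loaded: both checks must fail.
        echo "# install algif_aead /bin/false" > "$dir/modprobe.d/disable-algif.conf"
        printf '%s\n' "algif_aead 16384 0 - Live 0x0000000000000000" \
            "af_alg 32768 1 algif_aead, Live 0x0000000000000000" > "$dir/modules"
    fi
    echo "$dir"
}

good=$(make_fixture mitigated)
bad=$(make_fixture unmitigated)
check_algif_mitigation "$good/modprobe.d" "$good/modules" || true
check_algif_mitigation "$bad/modprobe.d" "$bad/modules" || true
rm -rf "$good" "$bad"
```

On a real node, call check_algif_mitigation with no arguments as root after the reboot; a non-zero return code identifies which half of the workaround is missing.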
Ubuntu security advisory - Please check the link for updates.
CVE description - Available at the link once the embargo is lifted.
Impact Evaluation of CVE‑2026‑31431 ("Copy Fail") of VMware by Broadcom product portfolio
This article will be updated as soon as Ubuntu publishes the patched kernel version and Avi target release versions are confirmed. Customers who have already applied the workaround above do not need to take any further action until the patch is released.