Jammy stemcells prior to v1.1193 are impacted by the Copy Fail vulnerability (CVE-2026-31431). This issue is caused by a logic bug within the kernel's algif_aead module, which can lead to unauthorized root access.
TAS/EAR and TKGi with Jammy Stemcells prior to v1.1193
An updated Jammy stemcell that includes the upstream Linux kernel fix for CVE-2026-31431 is targeted for release during the June patch cycle (June 16th). Subscribe to this KB to be notified when the resolution is officially released.
Until the patch is available, you can update to Jammy stemcell v1.1193 or later. This version automatically mitigates the issue by disabling the algif_aead module.
If a stemcell update is not immediately possible, you can manually disable the module by running the following command against your deployment:
bosh -d <YOUR_DEPLOYMENT_GUID> ssh -c 'echo "install algif_aead /bin/false" > /tmp/disable-algif.conf && sudo su -c "cp /tmp/disable-algif.conf /etc/modprobe.d/disable-algif.conf; rmmod algif_aead || echo Skipping unload module"'
NOTE: This change will persist after a VM reboot but not after VM recreate.
You might see "stdout | rmmod: ERROR: Module algif_aead is not currently loaded" in the output. This means the algif_aead kernel module was not loaded in memory on those specific VMs, so there was nothing to unload.
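Because the manual workaround does not survive a VM recreate, it is worth re-checking each VM afterwards. The script below is an added example, not part of the original KB: it reports whether the rule written by the command above is on disk and whether the module is still resident. The function names, status words and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the KB): report whether the algif_aead workaround
# is in effect on this VM. Directory and file arguments default to the live
# system paths and can be pointed at constructed fixtures for testing.

# 0 if a modprobe.d file carries the KB's "install algif_aead /bin/false" rule.
is_blocked() {
    conf_dir=${1:-/etc/modprobe.d}
    grep -Eqs \
        '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/false([[:space:]]|$)' \
        "$conf_dir"/*.conf
}

# 0 if the module is currently resident in the kernel.
is_loaded() {
    grep -qs '^algif_aead ' "${1:-/proc/modules}"
}

# Prints one status word; returns 0 only when fully mitigated.
mitigation_status() {
    dir=${1:-/etc/modprobe.d}
    mods=${2:-/proc/modules}
    if is_blocked "$dir"; then
        if is_loaded "$mods"; then
            # Rule is on disk but the module was not unloaded (rmmod failed).
            echo "BLOCKED_BUT_LOADED"
            return 1
        fi
        echo "MITIGATED"
        return 0
    fi
    # Without the rule the module can still be loaded later, even if it is
    # absent from the modules list right now.
    echo "NOT_MITIGATED"
    return 1
}

if [ "${1:-}" = "--check" ]; then
    mitigation_status
fi
```

A VM that reports NOT_MITIGATED after a recreate needs the workaround command applied again, or a stemcell that includes the mitigation.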
See Tanzu Security Advisory for CVE-2026-31431
The fix for the Copy Fail CVE is now available in Jammy stemcell v1.1234: https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/stemcells/services/stemcell-rn/stemcells.html