VMware Live Recovery Manager 9.0.2 status regarding CVE-2026-31431 (Copy Fail)

Article ID: 440298

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Security scanners may identify VMware Live Recovery Manager (VLR) appliances as potentially vulnerable to **CVE-2026-31431**, also known as the "Copy Fail" vulnerability.

Environment

  • Product: VMware Live Recovery (VLR)
  • Version: 9.0.2

Cause

CVE-2026-31431 targets a logic flaw in the Linux kernel module `algif_aead`. Exploiting this vulnerability requires the `CONFIG_CRYPTO_USER_API_AEAD` kernel configuration option or the `algif_aead` stack to be present in the operating system.

Investigation and internal consultation with Engineering have confirmed that VMware Live Recovery Manager 9.0.2 is not affected by CVE-2026-31431. The vulnerable kernel component is explicitly unset in the 9.0.2 release manifest, providing a native mitigation.

Resolution

No remediation or patching is required for VLR 9.0.2 regarding CVE-2026-31431.

To verify the exposure on your specific appliance, perform the following steps:

1. Log in to the VLR appliance via SSH or the Console as a privileged user.


2. Execute the following command to check the kernel configuration:
   `grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$(uname -r)`


3. Verify the output. The expected output confirming the feature is disabled is:
   `# CONFIG_CRYPTO_USER_API_AEAD is not set`

If the command returns that the flag is not set, the attack surface for this CVE does not exist on the appliance.
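
The verification steps above can be scripted so that a missing config file or an absent option is not mistaken for "not set". The following is an added example, not code from this article or from VMware; the function names are hypothetical, and the `/proc/modules` check is an addition that covers the "`algif_aead` stack" condition named under Cause.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any VMware tooling.

# Classify CONFIG_CRYPTO_USER_API_AEAD in a kernel config file.
# Prints: builtin | module | disabled | unknown
aead_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo unknown; return 0; }   # missing file is not "disabled"
    if grep -q '^CONFIG_CRYPTO_USER_API_AEAD=y$' "$cfg"; then
        echo builtin
    elif grep -q '^CONFIG_CRYPTO_USER_API_AEAD=m$' "$cfg"; then
        echo module
    elif grep -q '^# CONFIG_CRYPTO_USER_API_AEAD is not set$' "$cfg"; then
        echo disabled
    else
        echo unknown                               # option not mentioned at all
    fi
}

# Succeeds if algif_aead appears in a /proc/modules-style listing ($1).
aead_module_loaded() {
    grep -q '^algif_aead ' "${1:-/proc/modules}" 2>/dev/null
}

# Combine both checks. Prints: absent | present | inconclusive
aead_verdict() {
    state=$(aead_config_state "$1")
    if aead_module_loaded "$2"; then
        echo present
        return 0
    fi
    case "$state" in
        disabled)       echo absent ;;
        builtin|module) echo present ;;
        *)              echo inconclusive ;;
    esac
}

# Report for the running kernel.
echo "algif_aead attack surface: $(aead_verdict "/boot/config-$(uname -r)" /proc/modules)"
```

An `inconclusive` result means the config file was unreadable or did not mention the option, so the expected `is not set` line was never actually observed.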