Linux algif_aead AF_ALG disabled fleet-wide for CVE-2026-31431; patch rollout planned

AI Impact Summary

Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's crypto subsystem (AF_ALG) that enables an unprivileged user to write into the page cache, creating a cross‑tenant risk in multi‑tenant AI environments. In response, the fleet-wide mitigation unloaded the algif_aead module and quarantined its .ko file to disable the vulnerable path without rebooting, delivering immediate risk reduction. The rollout plan is to stage vendor kernel patches in non-production clusters, conduct soak tests on AI workloads and GPU drivers, and progressively roll out by region while keeping algif_aead disabled where not needed. Detection telemetry was extended with Copy Fail‑aware signals and privileged-binary monitoring to spot anomalous AF_ALG activity. Business-wise, until patches are applied, multi-tenant AI workloads lose AF_ALG-based AEAD capability and face an elevated security risk, necessitating coordinated patching and validation across regions.