[Community Announcements] Security Update | Fix for Copy Fail (CVE-2026-31431)
Posted by deepin小助手 (Super Moderator), 3 hours ago

Dear deepin users and community partners,

Recently, the deepin community detected a high-risk local privilege escalation vulnerability in the Linux kernel.

This vulnerability, dubbed "Copy Fail" (CVE-2026-31431), exists in the Linux kernel cryptographic subsystem (the algif_aead module). It originates from a code optimization introduced in 2017, which can cause the AF_ALG cryptographic interface to share the same kernel page cache page between the source and destination buffers when processing AEAD cryptographic operations.

Given its severity and widespread impact, we strongly recommend that all users upgrade as soon as possible to ensure the security of your systems.

I. Vulnerability Information

CVE ID: CVE-2026-31431

Description: This vulnerability stems from a logic flaw in the algif_aead module of the Linux kernel cryptographic subsystem. A 2017 optimization introduced in-place operations, which leads to inconsistent memory mappings for source and destination while associated data (AD) is processed. As a result, kernel page cache pages can end up in a writable scatterlist. By combining the AF_ALG cryptographic interface with the splice() system call, an attacker can write 4 bytes of controlled data into the page cache of any readable file (e.g., the setuid program /usr/bin/su). Since the page cache is shared by all processes on the same kernel, tampering with a setuid program and then executing it can grant root privileges.

Severity: High

Exploitation Prerequisites: A local unprivileged user account is sufficient to launch the attack; no additional privileges are required.

Affected Scope: All users running an unpatched deepin 25 are affected. Updating immediately is recommended.

II. Fix Progress

  • deepin 25 (6.18 kernel): The security update has been pushed – please upgrade immediately!
  • deepin 25 (6.6 kernel): The fix has been completed. Please stay tuned for the upcoming system update.
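As an added example (not part of this announcement and not deepin's own tooling), the following POSIX shell check helps an administrator confirm where a host stands: it compares the running kernel's base version against a minimum patched version and reports whether the algif_aead module is currently loaded. The FIXED_VERSION value is a placeholder, not a version taken from this page; fill it in from the deepin security update for your kernel line (6.18 or 6.6).

```shell
#!/bin/sh
# Added example, not from the deepin announcement.
# FIXED_VERSION is a placeholder: set it to the first patched kernel
# version published in the deepin security update for your kernel line.
FIXED_VERSION="${FIXED_VERSION:-0.0.0}"

# version_ge A B: return 0 if dotted version A is >= B (numeric, per field).
# Missing trailing fields count as 0, so "6.18" == "6.18.0".
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# kernel_base_version: strip the local/flavour suffix from a uname -r string,
# e.g. "6.18.3-amd64-desktop" -> "6.18.3".
kernel_base_version() {
    printf '%s\n' "$1" | sed 's/[-+].*$//'
}

# algif_aead_loaded: return 0 if the module is present in sysfs, i.e. loaded.
algif_aead_loaded() {
    [ -d /sys/module/algif_aead ]
}

# check_host MIN_VERSION: print a short report; return 1 if the running
# kernel is below MIN_VERSION, 0 otherwise.
check_host() {
    fixed="$1"
    running="$(kernel_base_version "$(uname -r)")"
    status=0
    if version_ge "$running" "$fixed"; then
        echo "kernel $running: at or above assumed patched version $fixed"
    else
        echo "kernel $running: BELOW assumed patched version $fixed, update pending"
        status=1
    fi
    if algif_aead_loaded; then
        echo "algif_aead: currently loaded"
    else
        echo "algif_aead: not currently loaded"
    fi
    return "$status"
}

check_host "$FIXED_VERSION" || true
```

Two caveats when reading the report: a fix backported to the deepin 25 6.6 kernel may not change the base version reported by uname -r, so for that line compare the installed kernel package version (e.g. via apt policy) rather than the uname string; and algif_aead being absent from sysfs only means it is not loaded right now, since the module is loaded on demand when an AF_ALG AEAD socket is created.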
All Replies

No replies yet