[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81931":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":12,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":14,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":15,"rankGlobal":10,"rankLanguage":10,"license":16,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":17,"hasPages":17,"topics":19,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":14,"starSnapshotCount":14,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},81931,"wg.copyfail.patch","wgnet\u002Fwg.copyfail.patch","wgnet","CVE-2026-31431 eBPF fix","",null,"C",25,5,0,42.33,"GNU General Public License v2.0",false,"main",[20,21,22,23,24,25],"copy-fail","cve-2026-31431","ebpf","fix","lsm","workaround","2026-06-12 04:01:36","# CVE-2026-31431 aka [Copy.Fail](https:\u002F\u002Fcopy.fail) eBPF workaround\n\n## Why it matters\nThis CVE allows an authorized user to change the cached copy of any readable file, which leads to Local Privilege Escalation (aka local root exploit), sandbox\u002Fcontainer escape and other issues.\nIt works by creating an **AF\\_ALG** socket, which is provided by the algif\\* kernel modules.\n\nThe current well-known workaround recommends disabling the **algif\\_aead** module, which is not possible if the module is built-in, as in Fedora Linux, Oracle Linux and other RHEL-based distributions.\nAlso, some upstreams are still missing the patch.\nThis means your systems will be vulnerable until you patch your kernel.\n\n## Solution\nThis package provides two eBPF programs:\n- **ebpf-alg-socket-filter**, which filters AF\\_ALG socket creation using the eBPF\u002FLSM kernel mechanism\n- **ebpf-alg-socket-killer**, which kills any program that creates an AF\\_ALG socket\n\nI recommend using the first one IF you have the eBPF LSM module enabled 
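in your kernel. You can check this by running\n```\ncat \u002Fsys\u002Fkernel\u002Fsecurity\u002Flsm\n```\nand checking whether `bpf` is listed.\n\nIf you don't have the eBPF LSM module, use the second program; it's more *rude* but protects as well.\n\n## Building\n- Install clang, kernel-headers, libbpf-devel and bpftool\n- Copy vmlinux.h from your kernel headers\n- Run `build.sh build`\n\n## Running\n- Run `apply.sh load` to load\n- Run `apply.sh unload` to unload\n- Run `apply.sh status` to check status\n\n","This project provides an eBPF fix for the CVE-2026-31431 vulnerability, which allows an authorized user to change the cached copy of any readable file, leading to local privilege escalation, sandbox\u002Fcontainer escape and other issues. The project's core functionality consists of two eBPF programs: ebpf-alg-socket-filter filters AF_ALG socket creation through the eBPF\u002FLSM kernel mechanism; ebpf-alg-socket-killer directly terminates processes that create AF_ALG sockets. The former suits systems with the eBPF LSM module enabled, while the latter provides protection where that module is not enabled. This project is suited to scenarios where CVE-2026-31431 needs to be mitigated but the kernel cannot yet be updated or the relevant kernel module (such as algif_aead) cannot be disabled, and is especially suitable for RHEL-based operating systems such as Fedora Linux.",2,"2026-06-11 04:07:14","CREATED_QUERY"]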