From 236f609f5a8ee4fd653b9b31f0e6ffc38893e671 Mon Sep 17 00:00:00 2001 From: Nathan Melehan Date: Thu, 7 May 2026 21:09:35 +0000 Subject: [PATCH] [Update] CVE-2026-31431: Copy Fail Mitigation Update guidance for recycling node pools --- .../cve-2026-31431-copy-fail-mitigation/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/guides/security/security-patches/cve-2026-31431-copy-fail-mitigation/index.md b/docs/guides/security/security-patches/cve-2026-31431-copy-fail-mitigation/index.md index 5ec2996e39c..417191b1f4e 100644 --- a/docs/guides/security/security-patches/cve-2026-31431-copy-fail-mitigation/index.md +++ b/docs/guides/security/security-patches/cve-2026-31431-copy-fail-mitigation/index.md @@ -80,8 +80,9 @@ For virtual machines (Linode VMs) you can: * Older versions of the different Linux distributions remain available for customers to launch. The reason for this is that we cannot assess for our customers what risks they are willing to accept, and that we cannot break automated deployment pipelines for them. We strongly recommend that customers who continue to deploy older releases manually mitigate the vulnerability as described above. * If you are using "GRUB 2" (default since August 2018), your Linode will boot with the kernel in the OS disk image. However, if you are [still using one of our kernels to boot](https://techdocs.akamai.com/cloud-computing/docs/manage-the-kernel-on-a-compute-instance), the latest kernel configuration (version 7.0.3) contains the patch for the vulnerability. Older Linode provided kernel configurations (e.g., "6.15.7-x86_64-linode169") remain vulnerable. Customers using these configurations are strongly encouraged to switch to the latest kernel and reboot, or use "GRUB 2" to boot from their own kernel on their primary disk, which has been Linode's default boot option since 2018. -For Linode Kubernetes Engine (LKE and LKE-E), the underlying nodes run a Linux kernel based on the Debian 12 (for LKE) and Ubuntu 22/24 (for LKE-Enterprise) distribution. Existing deployments will need patching until we can provide updated images. We will update this post when they are available. You can choose one of the following options: +For Linode Kubernetes Engine (LKE and LKE-E), the underlying nodes run a Linux kernel based on the Debian 12 (for LKE) and Ubuntu 22/24 (for LKE-Enterprise) distribution. These have been updated, but existing deployments will need patching. You can choose one of the following options: +* Upgrade to the latest images by [recycling your node pools](https://techdocs.akamai.com/linode-api/reference/post-lke-cluster-pool-recycle). * The most durable option is to apply the mitigations outlined above via a DaemonSet. This will ensure mitigations are in place should scaling provision new nodes. * Note: A `RuntimeDefault` seccomp profile is insufficient. * Alternatively, mitigations can be applied manually or via infrastructure as code (IaC) tools like Terraform or Ansible. \ No newline at end of file