https://community.hpe.com/t5/hpe-morpheus-vm-essentials/does-the-quot-copy-fail-quot-kernel-vulnerability-cve-2026-31431/m-p/7268142#M2284 <P>Not impacted by the CVE-2026-31431.<BR />Neither HVM OS nor the Morpheus QCOW image loads the impacted kernel module. Out of the box this module is disabled.</P> Mon, 08 Jun 2026 06:10:59 GMT babusude 2026-06-08T06:10:59Z https://community.hpe.com/t5/hpe-morpheus-vm-essentials/does-the-quot-copy-fail-quot-kernel-vulnerability-cve-2026-31431/m-p/7268141#M2283 <P>I am looking to verify our patching strategy regarding the recent "Copy Fail" local privilege escalation vulnerability (CVE-2026-31431). Because this vulnerability targets the Linux kernel's global page cache via the userspace crypto API (AF_ALG), it presents a major threat to environments running unprivileged workloads or containers, as it allows clean privilege escalation to root.</P><P>Since HPE VM Essentials (VME) relies on an hardened Ubuntu architecture for both the HVM compute hosts and the core Morpheus-based VME Manager appliance, this CVE is highly relevant to our environment.</P><P>I want to know if anyone has gone through the process of patching this specific kernel exploit across their VME clusters yet, and if there are any official guidelines from HPE regarding dependency breakages.</P> Tue, 09 Jun 2026 16:05:27 GMT https://community.hpe.com/t5/hpe-morpheus-vm-essentials/does-the-quot-copy-fail-quot-kernel-vulnerability-cve-2026-31431/m-p/7268141#M2283 SevanSardarian 2026-06-09T16:05:27Z https://community.hpe.com/t5/hpe-morpheus-vm-essentials/does-the-quot-copy-fail-quot-kernel-vulnerability-cve-2026-31431/m-p/7268142#M2284 <P>Not impacted by the CVE-2026-31431.<BR />Neither HVM OS nor the Morpheus QCOW image loads the impacted kernel module. Out of the box this module is disabled.</P> Mon, 08 Jun 2026 06:10:59 GMT https://community.hpe.com/t5/hpe-morpheus-vm-essentials/does-the-quot-copy-fail-quot-kernel-vulnerability-cve-2026-31431/m-p/7268142#M2284 babusude 2026-06-08T06:10:59Z