Linode incident

(Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability [CVE-2026-31431]

Minor Resolved View vendor source →

Linode experienced a minor incident on May 1, 2026 affecting US-East (Newark) and US-East (Newark) Block Storage and 1 more component, lasting 4d 4h. The incident has been resolved; the full update timeline is below.

Started
May 01, 2026, 05:51 PM UTC
Resolved
May 05, 2026, 10:19 PM UTC
Duration
4d 4h
Detected by Pingoru
May 01, 2026, 05:51 PM UTC

Affected components

US-East (Newark)US-East (Newark) Block StorageUS-East (Newark) NodeBalancersUS-East (Newark) BackupsUS-East (Newark) Object StorageUS-East (Newark) Linode Kubernetes EngineUS-Central (Dallas)US-Central (Dallas) Block StorageUS-Central (Dallas) NodeBalancersUS-Central (Dallas) Backups

Update timeline

  1. investigating May 01, 2026, 05:51 PM UTC

    Akamai is aware of the recently disclosed “Copy Fail” vulnerability (CVE-2026-31431). We are assessing the issue and are working to address it across our product portfolio and internal systems. While we have not observed any related malicious exploits targeting our infrastructure, Akamai continuously works to reduce risks and enhance our security posture. We are taking both immediate and longer-term steps to mitigate potential impacts and help ensure the continued confidence of our customers. Per our Shared Security Model[1], customers are responsible for making sure their service’s installed applications and code are securely configured and patched. Given the nature of this vulnerability, it should be assumed that all virtual machines running Linux are at-risk until patched. We will be publishing more details as patches are incorporated into the base images that we supply, but we strongly recommend customers deploy mitigations on all instances. Furthermore, the nature of the vulnerability suggests that container escapes are possible, so customers allowing untrusted workloads to execute in their containers may need to take additional steps to secure their containerized workloads. We will provide further information regarding our posture and recommended actions for Akamai Compute customers who may be affected. [1] https://www.akamai.com/legal/security

  2. investigating May 01, 2026, 05:52 PM UTC

    We are continuing to investigate this issue.

  3. resolved May 05, 2026, 10:19 PM UTC

    We have completed our investigation and response to the “Copy Fail” Linux kernel local privilege escalation vulnerability (CVE-2026-31431). We have published a documentation article with detailed guidance on available mitigations and recommended actions for affected systems. Customers can find more information and step-by-step instructions here: https://www.linode.com/docs/guides/cve-2026-31431-copy-fail-mitigation/ We encourage all customers to review the article and apply the appropriate mitigations to their environments. If you have questions or need assistance, please contact us at 855-454-6633 (+1-609-380-7100 Intl.) or email [email protected] for assistance.