We were affected by Copy Fail (CVE-2026-31431). We patched it for you. Here's the full story.
Blog post from Zerops
CVE-2026-31431, known as "Copy Fail," is a critical vulnerability affecting most Linux systems since 2017. It allows an unprivileged process to perform a controlled 4-byte write into the kernel's page cache, leading to potential root access. The vulnerability is particularly worrisome for shared-host environments due to its deterministic, cross-tenant, and invisible nature. Zerops, which uses shared-kernel Incus system containers for performance and cost efficiency, quickly addressed the issue by leveraging its infrastructure design, which tracks the Zabbly mainline kernel; this allowed it to deploy a patched kernel across its nodes within hours of the vulnerability's disclosure. This swift response contrasted with the challenges faced by individual server managers and platforms relying on older kernels, which required coordination for patches and maintenance. The incident underscores the importance of high availability (HA) services in maintaining uptime during such kernel emergencies: Zerops HA services experienced zero disruption, while non-HA services had minimal downtime.