Users and administrators are advised to install updates using standard system tools.
Russian developer NTC IT "ROSA" has released updates addressing the Copy Fail vulnerability (CVE-2026-31431) in the Linux kernel. This vulnerability allows a local user to escalate privileges to root level, granting full access to the system. The issue stems from a logical error in the Linux cryptographic subsystem, affecting distributions with kernels released after 2017.
Updates are already available for ROSA "Khrom" OS 12, 12 FSTEC, and 13, including supported kernel branches 6.12, 6.6, 6.1, 5.15, and 5.10. The patched packages are distributed through ROSA repositories and can be installed using standard system tools. After installing the update, a system reboot is required for the fixes to take effect.
Alexey Kiselev, Head of OS ROSA Development Department, emphasized that the company promptly responds to vulnerability information and releases fixes as part of its standard support process. He recommended that administrators check for updates and schedule system reboots in the near future. The company explained:
It is important that the presence of a vulnerability does not mean automatic system compromise. For its exploitation, an attacker needs local access or the ability to execute code. Nevertheless, CVE-2026-31431 is considered a dangerous vulnerability because it provides an attacker with a path from limited user access to full control over the system.