i was looking for advice on how to mitigate my server from copy.fail vulnerability and found this post that says UCS is not affected. But I ran the copy.fail script on my machine and it worked, so at least my server was vulnerable.
I was hoping to find guidance on this forum, but since there is no suggestion on how to handle this I did what I think is the “right” way: added the algif_aead module to the exclude list on ucr registry kernel/blacklist:
After rebooting and running the exploit it did not worked, so the mitigation was sound.
This is no advice on how to mitigate, just a heads up that my server was indeed vulnerable and so may be yours.
I am using 5.2-5 errata419 with all packages updated.