Open-E Knowledgebase



[JDSS] JovianDSS up32 and up33 are not affected by Linux kernel vulnerability, CVE-2026-31431 (Copy Fail)


CVE-2026-31431 (Copy Fail) is in the Linux kernel's `algif_aead` module, which is part of the AF_ALG userspace-crypto socket family.

That entire family is disabled at compile time in the kernel that ships in JovianDSS up32 b61683 and up33 b65410. Verified on a running JovianDSS:

```
# zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API_
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
```

`algif_aead` is not built and not loadable on the appliance; a `socket(AF_ALG, ...)` call returns `EAFNOSUPPORT` from the kernel itself.

The exploit requires that socket to perform its in-place / `splice()` write, so it has no surface to land on. This holds independently of the closed-appliance / no-shell argument.

No JovianDSS kernel update or Small Update is required for this CVE.
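The same two checks, scripted for use on other Linux hosts, as an added example that is not Open-E's code: it classifies the `CONFIG_CRYPTO_USER_API_*` options from a kernel config and asks the running kernel for an `AF_ALG` socket. The function names are hypothetical, and `MODULAR_CONFIG` is a constructed contrast case, not output from any JovianDSS build.

```python
import errno
import re
import socket

# The four AF_ALG front ends checked in the article's grep.
OPTIONS = ("HASH", "SKCIPHER", "RNG", "AEAD")

# Output quoted in the article (JovianDSS up32/up33 kernel).
APPLIANCE_CONFIG = """\
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
"""

# Constructed contrast case: a kernel that builds the family as modules.
MODULAR_CONFIG = """\
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
# CONFIG_CRYPTO_USER_API_RNG is not set
CONFIG_CRYPTO_USER_API_AEAD=m
"""

def af_alg_config_state(config_text):
    """Map each front end to 'y', 'm' or 'not set' (absent counts as not set)."""
    state = {name: "not set" for name in OPTIONS}
    for line in config_text.splitlines():
        m = re.match(r"CONFIG_CRYPTO_USER_API_(\w+)=([ym])$", line.strip())
        if m and m.group(1) in state:
            state[m.group(1)] = m.group(2)
    return state

def probe_af_alg():
    """Ask the running kernel for an AF_ALG socket and classify the answer."""
    if not hasattr(socket, "AF_ALG"):
        return "python-lacks-af-alg"
    try:
        # Where the family is modular, this call can autoload af_alg.
        sock = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return "unsupported"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    sock.close()
    return "available"

if __name__ == "__main__":
    print(af_alg_config_state(APPLIANCE_CONFIG), probe_af_alg())
```

A host matching the appliance's state reports every option as `not set` and the probe as `unsupported`; on a kernel where the family is built as a module, the probe itself can trigger the module load, so read the config first.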

The Knowledge base is managed by Open-E data storage software company.