Impact of 'copy.fail' vulnerability on KeyHub

There is currently significant media attention surrounding a new vulnerability in the Linux kernel called copy.fail. We understand that such reports may raise questions regarding the security of your KeyHub environment.

We always assess the actual impact on the KeyHub architecture. In this specific case, there is no cause for immediate concern, provided you follow your regular update process.

What is the impact on KeyHub?

The impact on your KeyHub environment is minimal. The copy.fail bug is what is known as a local user exploit. This means that a malicious actor would already need active access as a local user on the operating system to exploit the vulnerability. In a standard KeyHub implementation, it is unusual (and unnecessary) for users to log in directly to the Virtual Machine (VM). Consequently, the practical attack surface is virtually non-existent.

How is this being resolved?

Despite the low risk, we always advise keeping your systems up to date. The fix for this vulnerability has been incorporated into KeyHub 48, which will be available from Monday 11 May. Depending on your version, the following applies:

• KeyHub 48 and higher: The fix for this vulnerability is included in this version. Users on this version are protected.
• Versions older than KeyHub 48:
  • Online installations: You can install the regular OS updates to receive the kernel fix.
  • Offline (air-gapped) installations: You must synchronise the updates via your own company repository to apply the kernel patch.

Do you have specific questions regarding your configuration? Please contact us via our support channel.