Cloudflare mitigates Copy Fail Linux vulnerability across its fleet

1 articles · Updated · The Cloudflare Blog · May 7

After the CVE-2026-31431 disclosure on 29 April, Cloudflare said its 330-city infrastructure was protected with patched 6.12 kernels or bpf-lsm, and no customer data or services were affected.
The company said existing behavioural detections flagged exploit activity within minutes during internal validation, while threat hunting across 48 hours of logs found no signs of compromise.
Cloudflare resumed normal reboot automation on 4 May after staging and fleet-wide rollout, using bpf-lsm to block unauthorised AF_ALG access until patched kernels were deployed.

An AI found a decade-old Linux flaw in one hour. What other critical vulnerabilities might AI uncover next?

If eBPF can be blinded by kernel rootkits, is this celebrated 'rebootless fix' just an illusion of security?

As AI automates finding exploits, is the era of waiting for scheduled kernel patches now dangerously obsolete?