franco
I imagine it's getting a lot of traffic. At least for Ubuntu users, this is the "source" of the fix.
Sure, the word got out via other places (some just trying to make a name for themselves, and some no doubt tricking people into doing something inadvertently malicious to their own systems). I appreciate the notification from Enhance, but was cautious until I was able to find this Ubuntu official page on this vulnerability.
From: https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available (but you should confirm everything yourself)
Manual mitigation (alternative)
If you cannot apply the userspace mitigation through an upgrade of the kmod package, you can configure it manually on your system using the instructions in this section.
Block the module by creating a /etc/modprobe.d/manual-disable-algif_aead.conf file. This is the same action that the kmod update performs.
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/manual-disable-algif_aead.conf
Unload the module, in case it is already loaded:
sudo rmmod algif_aead 2>/dev/null
Check whether the module is still loaded:
grep -qE '^algif_aead ' /proc/modules && echo "Affected module is loaded" || echo "Affected module is NOT loaded"
Unloading the module could affect currently running applications. Similarly, if it is currently in use, removing the module might fail. In these instances, a system reboot should trigger the applications to fallback to non-accelerated cryptographic functions:
sudo reboot
