Who is affected
If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you're in scope.
Copy Fail requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives. The kernel crypto API ( AF_ALG ) ships enabled in essentially every mainstream distro's default config, so the entire 2017 → patch window is in play out of the box.
Distributions we directly verified:
Distribution Kernel Ubuntu 24.04 LTS 6.17.0-1007-aws Amazon Linux 2023 6.18.8-9.213.amzn2023 RHEL 10.1 6.12.0-124.45.1.el10_1 SUSE 16 6.12.0-160000.9-default
These are what we tested directly. Other distributions running affected kernels — Debian, Arch, Fedora, Rocky, Alma, Oracle, the embedded crowd — behave the same. Tested it elsewhere? Open an issue to add to the list.
Should you patch first?