Hi @Sergey Nosov
Thank you for the detailed question and for sharing the AKS advisory context — I understand you're looking for a clear, service-level position for CVE‑2026‑31431 (“Copy Fail”) in Azure App Service on Linux / Linux Function Apps.
How this applies to App Service (Linux)
Azure App Service is a fully managed PaaS offering, so the underlying host OS and kernel are not customer-managed. Microsoft is responsible for applying security updates and mitigations at the platform level.
Azure manages OS patching for both the physical servers and the VMs hosting App Service, and updates are applied automatically using safe deployment practices.
For high‑priority vulnerabilities (including kernel issues), patches are handled on a case‑by‑case basis and deployed transparently by Microsoft.
About this CVE and risk context
- This is a Linux kernel local privilege escalation vulnerability, meaning exploitation requires prior local code execution (for example, within a container or application process).
In App Service:
- Apps run inside isolated containers
- Customers don’t have access to the host kernel or module controls
- The platform enforces additional isolation boundaries
This significantly reduces the exposure unless there is a separate application-level vulnerability allowing code execution.About the AKS advisory (clarification)
You also referenced the AKS bulletin, which is a good reference point:
https://learn.microsoft.com/en-us/azure/aks/security-bulletins/overview?tabs=aks-node-image%2Caks-cluster%2Caks-addons
This document shows how Microsoft mitigates kernel vulnerabilities (for example, via node image updates or configuration changes). In many cases:
Fixes are rolled out automatically, and no customer action is required.
However, this guidance is specific to AKS. For App Service, Microsoft doesn’t publish the exact mitigation mechanism or rollout timing for security reasons.
What you should do (clear recommendation)
For App Service customers:
- No host-level action is required (you cannot patch or modify the kernel)
- Continue standard security best practices:
- Avoid executing untrusted code in your application
- Keep your app dependencies or container images updated
- Use monitoring (Defender, logs) for abnormal behavior detection
reference:
https://learn.microsoft.com/en-us/azure/app-service/overview-patch-os-runtime
https://www.microsoft.com/en-us/security/blog/2026/05/01/cve-2026-31431-copy-fail-vulnerability-enables-linux-root-privilege-escalation/
https://learn.microsoft.com/en-us/azure/aks/security-bulletins/overview?tabs=aks-node-image%2Caks-cluster%2Caks-addons
If the answer is helpful, Please do click "Accept the answer” and Yes, this can be beneficial to other community members.
If you have any other questions, let me know in the "comments" and I would be happy to help you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 86%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 15%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 7.000000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)