Merged
37 changes: 37 additions & 0 deletions disable-algif-aead/README.md
@@ -0,0 +1,37 @@
# Mitigation Advice for CVE-2026-31431 (Copy Fail)

This document provides immediate mitigation steps for CVE-2026-31431. While waiting for patched node images to roll out, you can protect your clusters using the following methods.

## GKE Standard Nodes running Container-Optimized OS (COS)
For GKE Standard nodes running Container-Optimized OS, you can set the `initcall_blacklist=algif_aead_init` kernel parameter on your nodes to disable the impacted functionality.

You can apply the privileged DaemonSet (`cos-disable-algif-aead.yaml`) provided in this directory to set this kernel parameter. Be mindful that this tool immediately reboots nodes; you can use the `cloud.google.com/gke-algif-aead-disabled` node label to control the application of the DaemonSet. This option will block legitimate usage of this kernel behavior as well as malicious usage.

**Deployment Instructions:**
1. Label your target nodes to control the rollout:
```bash
kubectl label nodes <node-name> cloud.google.com/gke-algif-aead-disabled=true
```
2. Apply the DaemonSet:
```bash
kubectl apply -f cos-disable-algif-aead.yaml
```

### ⚠️ Known Limitations
* **Secure Boot:** This mitigation does not work if Secure Boot is enabled. The init container will never finish initializing because Secure Boot prevents changes to the kernel command line boot options.
* **Spot Nodes:** We've received reports that this mitigation is intermittently failing on Spot (Preemptible VM) nodes due to cgroup configuration errors during container initialization, however we have been unable to reproduce this.
* **Node Reboots:** Applying this DaemonSet will immediately reboot the affected nodes.

## GKE Standard Nodes running Ubuntu
For GKE Standard nodes running Ubuntu, you can blacklist the `algif_aead` module on your nodes (for example, by using a privileged DaemonSet) with the following commands:

```bash
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null
```

## GKE Autopilot (and Alternative for Standard)
GKE Autopilot does not allow running privileged daemonsets, and therefore must be mitigated by applying a [custom seccomp profile to your workloads to block AF_ALG socket creation](../spo-seccomp-mitigation). This also works as an alternative mitigation method for GKE Standard clusters.

---
*Note: We do not recommend relying on containers as a strict security boundary. For stronger isolation, consider using GKE Sandbox, network policies and the guidance found at [https://docs.cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster](https://docs.cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster).*
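Review bot: the Ubuntu snippet's `rmmod algif_aead 2>/dev/null` discards the only signal that the unload failed. `rmmod` refuses to remove a module that is in use (an open AF_ALG socket keeps it busy), and with stderr redirected away the mitigation reports nothing while the module stays loaded until the next reboot; the `install algif_aead /bin/false` rule only prevents future loads. Suggest dropping the redirect, or following the two commands with a check such as `lsmod | grep -q algif_aead && echo "algif_aead still loaded"` so a DaemonSet built from this snippet can surface the failure, and stating in the text that a node where the unload fails is not protected until it reboots. Two smaller documentation points in the same file: the immediate-reboot warning appears twice (in the DaemonSet paragraph and again under Known Limitations), so one of them could instead advise labeling a small batch of nodes first; and the Secure Boot limitation says the init container "will never finish initializing", so the README should tell operators what that looks like (a pod stuck in the Init phase) and how to detect it rather than leaving them waiting on a rollout that cannot complete.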
7 changes: 6 additions & 1 deletion spo-seccomp-mitigation/README.md
@@ -2,6 +2,8 @@

This directory provides a mitigation for CVE-2026-31431 using the Kubernetes Security Profiles Operator (SPO). It uses a custom `SeccompProfile` that copies containerd's default allowed syscalls but blocks both `AF_VSOCK` and `AF_ALG` (socket family 38).

This is the recommended mitigation for GKE Autopilot clusters and environments where running privileged DaemonSets is not allowed.

## Instructions

**1. Install the Security Profiles Operator (SPO)**
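Review bot: the new recommendation paragraph omits the caveat that the sibling README in this change gives for its own mitigation, namely that it blocks legitimate as well as malicious use. Since the profile described above denies `AF_VSOCK` in addition to `AF_ALG`, suggest adding a sentence that workloads which legitimately open either socket family will fail once the binding is applied, and a link back to ../disable-algif-aead for GKE Standard readers, so the two directories cross-reference each other rather than only pointing in one direction.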
@@ -17,7 +19,7 @@ kubectl apply -f seccomp-profile.yaml
**3. Enable Binding on the Namespace**
For the binding to take effect, you must label the target namespace to permit the Security Profiles Operator to modify pods within it:
```bash
kubectl label ns my-namespace spo.x-k8s.io/enable-binding=true
kubectl label ns <your-namespace> spo.x-k8s.io/enable-binding=true
```

**4. Bind the Profile to Containers**
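Review bot: replacing `my-namespace` with `<your-namespace>` matches the `<node-name>` placeholder style used in disable-algif-aead/README.md, but step 3 still gives readers no way to confirm the label landed. Suggest adding `kubectl get ns <your-namespace> --show-labels` after the label command so the presence of `spo.x-k8s.io/enable-binding=true` can be verified before step 4; if the label is missing, the mutating webhook described in step 5 will not touch pods in that namespace and they will be recreated unprotected.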
@@ -28,3 +30,6 @@ kubectl apply -f profile-binding.yaml

**5. Restart Existing Pods**
The binding is applied via a mutating webhook during pod creation. Existing pods must be restarted or recreated to pick up the new profile and be protected.

---
*Note: We do not recommend relying on containers as a strict security boundary. For stronger isolation, consider using GKE Sandbox.*
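Review bot: the footer added here is a shortened copy of the one in disable-algif-aead/README.md, which also mentions network policies and links to the cluster hardening guide. Suggest making the two notes identical (or keeping the text in one place and linking to it) so the guidance does not drift between directories; the hardening-guide URL in particular is the more useful pointer for readers who land on this directory first, since this README is the recommended path for Autopilot users.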