Statement regarding the "Copy Fail" root exploit
Thursday 30th April 2026 11:55:00


We have been receiving a lot of questions regarding CVE-2026-31431, better known as the "Copy Fail" root exploit.

U7 was never exploitable that way. This is because the kernel version of CentOS 7 is older than the version that introduced the kernel bug in the first place. (And not to leave a false impression: We are paying for TuxCare's "Endless Lifecycle Support" which means we still receive security updates for critical bugs.)

U8 was technically exploitable that way in the past, but the clean bugfix itself already made it into upstream kernel version 6.9.12 at the end of March (at that time, basically all Linux distributors did not consider it too critical). We do frequent updates including reboots, so by the time the "Copy Fail" exploit was published, we were already running kernel version 6.9.14, the third minor version containing the fix.

We nevertheless implemented the suggested mitigation (blocking the problematic algif_aead module from being loaded) on all systems yesterday evening, almost immediately after public disclosure of the Copy Fail exploit. At that time we wanted to mitigate this issue as quickly as possible, not yet knowing that neither U7 nor U8 was exploitable anyway.
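
One way to audit the mitigation described above on a Linux host, as an added example that is not our own tooling: the function names, file names and sample configuration are constructed for illustration, and the directive semantics are those documented in modprobe.d(5).

```shell
#!/bin/sh
# Added example (constructed): audit whether loading of a kernel module is blocked.

# Classify the modprobe.d-style directives for module $1 in the given files:
#   install   - "install <mod> /bin/false" (or /bin/true): modprobe runs that
#               command instead of loading, so autoload and by-name load fail
#   blacklist - only "blacklist <mod>": the module's internal aliases are
#               ignored, but "modprobe <mod>" by name still loads it
#   none      - no blocking directive found
module_block_state() {
    mod=$1; shift
    [ "$#" -gt 0 ] || { echo none; return 0; }
    cat "$@" 2>/dev/null | awk -v mod="$mod" '
        BEGIN { gsub(/-/, "_", mod) }      # modprobe treats - and _ alike
        $1 ~ /^#/ { next }                 # skip comment lines
        {
            name = $2; gsub(/-/, "_", name)
            if (name != mod) next
            if ($1 == "install" && $3 ~ /^\/(usr\/)?s?bin\/(false|true)$/) inst = 1
            if ($1 == "blacklist") bl = 1
        }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# Succeeds if module $1 appears in a /proc/modules-format file ($2, default
# /proc/modules). A block in modprobe.d does not unload a module already loaded.
module_loaded() {
    awk -v mod="$1" 'BEGIN { gsub(/-/, "_", mod) } $1 == mod { f = 1 } END { exit !f }' \
        "${2:-/proc/modules}"
}

# Constructed sample input: a mitigation file and a /proc/modules excerpt.
demo_dir=$(mktemp -d)
printf '%s\n' '# Copy Fail mitigation' 'blacklist algif_aead' \
    'install algif_aead /bin/false' > "$demo_dir/block.conf"
printf '%s\n' 'algif_aead 16384 0 - Live 0x0000000000000000' > "$demo_dir/modules"

echo "config state: $(module_block_state algif_aead "$demo_dir/block.conf")"
if module_loaded algif_aead "$demo_dir/modules"; then
    echo "algif_aead is still loaded: unload it or reboot for the block to take effect"
fi
rm -rf "$demo_dir"
```

On a real host, pass the files under /etc/modprobe.d/ to `module_block_state`. If the interface is compiled into the kernel rather than built as a module, modprobe configuration has no effect on it.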