Copy-fail-destroyer: K8s remediation for CVE-2026-31431

Blacklisting a kernel module only prevents modprobe from loading it automatically. modprobe by name still works, even if the module is blacklisted, and so does insmod and the syscalls they use.

The author is way above their head and thinks that because they can write Copilot prompts they can write security critical software.

Yeah run a highly privileged, node-level workload by an Internet stranger to mitigate against a kernel vulnerability. No thanks.

In any case, this unloads the module which does nothing if it's compiled into the kernel as in GKE.