Docker Seccomp Patch Breaks SteamCMD: Kernel Vulnerability Triggers Compatibility Failure
A recent Docker update has introduced a critical compatibility issue affecting SteamCMD deployments. The disruption traces back to CVE-2026-31431, a Linux kernel copy vulnerability that prompted Docker maintainers to apply a band-aid patch to their default seccomp profile. This security hardening, while addressing the underlying kernel flaw, has inadvertently broken functionality for applications dependent on specific system call patterns.
SteamCMD—the command-line utility widely used for deploying and updating Steam game servers—appears to rely on the socketcall mechanism that Docker's patched seccomp profile now restricts. Users deploying SteamCMD inside Docker containers have reported failures following standard updates, with the utility unable to execute properly under the tightened security constraints. The issue affects containerized environments where SteamCMD is run for automated server management, mod installation, or game server provisioning.
Community workarounds have emerged. Affected operators can download the previous seccomp profile directly from the Moby repository and specify it manually at container launch using the `--security-opt seccomp=/path/to/seccomp/profile.json` flag. This restores the older, less restrictive policy, which allows socketcall operations. Alternatively, updating the host Linux kernel to a version that fully addresses CVE-2026-31431 may resolve the conflict without requiring manual profile management. Docker and Moby maintainers have yet to issue an official statement on whether the legacy profile will be re-released as a supported fallback or whether application-level fixes will be pursued upstream.
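Before passing an older profile to `--security-opt`, it helps to see exactly which syscalls it handles differently from the current one. The following is an added example, not code from Docker or Moby: the two embedded profiles are constructed samples in Docker's seccomp JSON format (not the real Moby profiles), and the function names are hypothetical.

```python
import json

# Constructed sample profiles in Docker's seccomp JSON format. They are NOT the
# real Moby profiles; they only model a newer profile that drops "socketcall".
OLD_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "socket", "socketcall"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["personality"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"}]}
  ]
}""")
NEW_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "socket"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["personality"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"}]}
  ]
}""")


def rules_by_syscall(profile):
    """Map each syscall name to the set of rules (action plus conditions) naming it."""
    table = {}
    for rule in profile.get("syscalls", []):
        # Keep only non-empty fields so "args": [] compares equal to no args at all.
        cond = {k: rule[k] for k in ("action", "args", "includes", "excludes") if rule.get(k)}
        key = json.dumps(cond, sort_keys=True)
        for name in rule.get("names", []):
            table.setdefault(name, set()).add(key)
    return table


def diff_profiles(old, new):
    """Return {syscall: (old_rules, new_rules)} for each syscall handled differently."""
    a, b = rules_by_syscall(old), rules_by_syscall(new)
    changed = {}
    for name in sorted(set(a) | set(b)):
        # A syscall with no rule in a profile falls through to its defaultAction.
        before = a.get(name, {json.dumps({"action": old["defaultAction"]})})
        after = b.get(name, {json.dumps({"action": new["defaultAction"]})})
        if before != after:
            changed[name] = (sorted(before), sorted(after))
    return changed


if __name__ == "__main__":
    for name, (before, after) in diff_profiles(OLD_PROFILE, NEW_PROFILE).items():
        print(f"{name}: {before} -> {after}")
```

To compare real files, load each with `json.load` and pass the resulting dictionaries to `diff_profiles`; every syscall it lists is one the older profile treats differently from the current default.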