I cannot reproduce it either. Blacklisting the affected kernel module should apparently be fine.
+ # protect against the copy fail exploit by blacklisting the affected kernel modules
+ boot.blacklistedKernelModules =
+ [ "af_alg" "algif_hash" "algif_skcipher" "algif_rng" "algif_aead" ];