US Edition
'An Hour of Scan Time Is All It Took': "Copy Fail" Flaw Impacts All Linux Kernels Released Since 2017, so Patch Now or Face the Consequences
The 732-byte exploit works without offsets or races and can alter setuid-root binaries to give attackers root on major Linux distributions.
- Security researchers at Theori discovered CVE-2026-31431, a local privilege escalation flaw dubbed Copy Fail that affects Linux kernels released since 2017, allowing unprivileged users to gain root permissions.
- Copy Fail stems from a logic bug in the Linux kernel's cryptographic template introduced in 2017, allowing an authenticated user to perform a "4-byte write in to the page cache of any readable file on the system."
- Theori developed a 732-byte exploit that is "100% reliable. Script roots every Linux distribution shipped since 2017." Researchers confirmed the exploit on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16.
- Tharros principal vulnerability analyst Will Dormann notes "Fedora 42 and newer have updates, but no official advisory or acknowledgement of CVE-2026-31431." Users can mitigate risks by disabling the algif_aead module until patches arrive.
- Theori suggests treating multi-tenant Linux hosts, Kubernetes clusters, and cloud SaaS running user code as patching priorities. Securing shared kernel environments remains critical as a wave of new exploits is expected.
31 Articles
31 Articles
In the world of cybersecurity, even old vulnerabilities pose serious threats. One such vulnerability is the recently discovered Copy Fail. Through intuition, and after an hour of AI-powered scanning, cybersecurity researchers were able to identify and exploit a nine-year-old root escalation vulnerability that affects every Linux release since 2017. The vulnerability, dubbed “Copy Fail” by Xint researchers, is officially known as CVE-2026-31431. …
What’s the CopyFail Linux vulnerability about?
CopyFail: researchers detail a Linux root access bug Researchers disclosed CopyFail , a Linux vulnerability that can allow an unprivileged local attacker to gain root access . The flaw is described as being now patched , but researchers warn that many Linux distributions have yet to incorporate…
Xint, the provider of the AI-powered code analysis service "Xint Code," has announced that it has discovered a vulnerability called "Copy Fail" in the encryption-related functions of the Linux kernel that allows for local privilege escalation, enabling a regular user to gain root privileges.
A critical vulnerability of the "zero day" type has been made public in the Linux kernel, which allows any unprivileged local user to gain full root access in virtually all major Linux distributions launched since 2017.tags: linux, zero day, exploit, vulnerability» original news (cyberpress.org)
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
