Copy Fail: Linux flaw lets any user grab root, patches rolling out

TL;DR Summary
A widespread Linux vulnerability called Copy Fail (CVE-2026-31431) lets any user escalate to administrator privileges across most distributions since 2017. The exploit uses a cross-distro Python script with no per-distro offsets or recompilation, and can evade detection due to page-cache corruption that hides modified bytes from common monitoring tools. Theori researchers, with help from the Xint Code AI tool, disclosed the flaw; a patch was added to the mainline Linux kernel on April 1, and some distributions (e.g., Arch Linux, Red Hat Fedora, Amazon Linux) have since released patches or mitigations, though many others remain unpatched.
- Severe Linux Copy Fail security flaw uncovered using AI scanning help The Verge
- The most severe Linux threat to surface in years catches the world flat-footed Ars Technica
- New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions The Hacker News
- Linux exploit instantly grants administrator access on most distributions since 2017 — cryptography optimization snafu grants root privileges to local users Tom's Hardware
- Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug Dark Reading
Reading Insights
Total Reads
0
Unique Readers
30
Time Saved
53 min
vs 54 min read
Condensed
99%
10,627 → 96 words
Want the full story? Read the original article
Read on The Verge