Tag

Cve 2026 31431

All articles tagged with #cve 2026 31431

Linux Copy Fail flaw exploited to gain root across major distros, CISA warns
security2 months ago

Linux Copy Fail flaw exploited to gain root across major distros, CISA warns

CISA warns that the Copy Fail vulnerability (CVE-2026-31431) in the Linux kernel’s algif_aead interface is being exploited to obtain root privileges on unpatched systems, with a PoC shown for Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. Patches are rolling out across major distros; CISA added the flaw to the Known Exploited Vulnerabilities catalog and urges prompt patching per vendor guidance under BOD 22-01, following earlier patches like Pack2TheRoot.

Copy Fail: Linux flaw lets any user grab root, patches rolling out
tech2 months ago

Copy Fail: Linux flaw lets any user grab root, patches rolling out

A widespread Linux vulnerability called Copy Fail (CVE-2026-31431) lets any user escalate to administrator privileges across most distributions since 2017. The exploit uses a cross-distro Python script with no per-distro offsets or recompilation, and can evade detection due to page-cache corruption that hides modified bytes from common monitoring tools. Theori researchers, with help from the Xint Code AI tool, disclosed the flaw; a patch was added to the mainline Linux kernel on April 1, and some distributions (e.g., Arch Linux, Red Hat Fedora, Amazon Linux) have since released patches or mitigations, though many others remain unpatched.

Copy Fail: Linux Kernel Zero-Day That Grants Root Across Distros
cybersecurity2 months ago

Copy Fail: Linux Kernel Zero-Day That Grants Root Across Distros

Security researchers disclosed Copy Fail, a Linux kernel zero-day (CVE-2026-31431) that lets any unprivileged local user gain root on major distros since 2017 by abusing AF_ALG sockets and splice() to corrupt in-memory page cache, leaving on-disk files unchanged; a 732-byte Python exploit reliably achieves root on tested systems (Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL, SUSE). A patch reverts algif_aead.c to stop the behavior; mitigations include updating kernels or disabling the algif_aead module, with public disclosure on April 29, 2026 and Kubernetes container escape implications.

CopyFail exposes a universal Linux root exploit across containers and CI/CD
technology2 months ago

CopyFail exposes a universal Linux root exploit across containers and CI/CD

The CopyFail vulnerability (CVE-2026-31431) is a universal local privilege escalation in the Linux kernel that, with publicly released exploit code, can grant root across most distributions, threatening multi-tenant servers, Kubernetes containers, and CI/CD workflows; patches exist for some kernel versions, but many distros had not applied them when the exploit appeared, creating a dangerous zero-day patch gap that defenders are racing to mitigate.

Copy Fail exposes Linux to root by exploiting kernel crypto path
security2 months ago

Copy Fail exposes Linux to root by exploiting kernel crypto path

Security researchers disclosed Copy Fail (CVE-2026-31431), a Linux local privilege-escalation flaw in the algif_aead kernel module that lets an unprivileged user corrupt a page cache and elevate to root across major distributions since 2017. The issue is portable, cross-container, and can be triggered with a small Python script, prompting advisories from major distros. Exploitation is local (not remote) but remains highly dangerous due to its ease and wide impact.