Severe Linux Copy Fail security flaw uncovered using AI scanning help
The exploit works across vulnerable distributions with no modification, and researchers said many distros had not yet shipped fixes when details were published.
- On Wednesday, security firm Theori publicly disclosed CVE-2026-31431, a severe local privilege escalation vulnerability known as CopyFail that allows unprivileged users to gain administrator privileges across virtually all Linux distributions released since 2017.
- The vulnerability stems from a logic flaw in the Linux kernel's crypto API, where the AEAD template process fails to copy data correctly; the same Python script therefore works reliably across distributions without modification.
- DevOps engineer Jorijn Schrijvershof noted the flaw is "unusually nasty" because page-cache corruption never marks pages dirty, allowing the exploit to bypass monitoring tools like AIDE and OSSEC and compromise Kubernetes nodes.
- Although a patch for CopyFail was added to the mainline Linux kernel on April 1st, few distributions had incorporated the fixes when Theori released the exploit code five weeks after private disclosure.
- Security experts consider CopyFail one of the "worst make-me-root vulnerabilities in the kernel in recent times," comparing its severity to historical bugs like Dirty Pipe from 2022 and Dirty COW from 2016.
12 Articles
There is a new follow-up failure on Linux that is worrying the security analysts and specialists. This copy failure vulnerability (CVE-2026-31431) has been discovered in the Linux kernel and allows you to...
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.
Severe Linux Copy Fail security flaw uncovered using AI scanning help
Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called "Copy Fail" that allows any user to give themselves administrator privileges. The exploit, publicly disclosed as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring "no per-distro offsets, no version checks, no recompilation," according to Theori, the security firm that uncovere…
Imagine a Python script so short that it fits in a tweet and that, executed on almost any Linux machine, gives you the keys to the kingdom. That’s CopyFail, the vulnerability that has been hidden in the kernel for nine years and that this week has had half the Internet applying patches against the clock. The bug is officially called CVE-2026-31431, but someone on Mastodon baptized it as CopyFail and the name stuck. It affects the practical to…
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
Coverage Details
Bias Distribution
- 67% of the sources lean Left