Explore the latest developments concerning New Linux 'Copy.
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.
The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.
"An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root," the vulnerability research team at Xint.io and Theori said.
At its core, the vulnerability stems from a logic flaw in the Linux kernel's cryptographic subsystem, specifically within the algif_aead module. The issue was introduced in a source code commit made in August 2017.
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.
A high-severity logic bug in the Linux kernel allows unprivileged attackers to write code to other files’ memory and obtain root shell, cybersecurity firm Theori reports.
Tracked as CVE-2026-31431 (CVSS score of 7.8) and dubbed Copy Fail, the issue is believed to affect all Linux distributions since 2017.
The security defect impacts the kernel’s authencesn Authenticated Encryption with Associated Data (AEAD) template, which IPsec uses for Extended Sequence Number (ESN) support.
According to Theori, the issue is that Linux places page cache pages in a writable scatterlist, that authencesn uses the caller’s destination scatterlist as scratch space, and that a 2017 optimization put page cache pages in the writable scatterlist.
NEEDONE 48L Cigar Humidor with Heating and Cooling Temperature Control System Quiet Thermostatic Electric Cooler Cabinet
The most severe Linux threat to surface in years catches the world flat-footed
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more.
Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices.
The vulnerability and exploit code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after privately disclosing it to the Linux kernel security team. The team patched the vulnerability in versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254) but few of the Linux distributions had incorporated those fixes at the time the exploit was released.
For more detailed information, explore updates concerning New Linux 'Copy.
Leave a Reply