news
Lots of Coverage About 9-Year-Old Linux Kernel Vulnerability (Privilege Escalation, Local)
-
SUSE's Corporate Blog ☛ SUSE responds to the copy.fail vulnerability
Copy Fail (tracked as CVE-2026-31431) is a critical vulnerability in the GNU/Linux kernel that allows a local non-root user to gain full root access to the system.
-
Hot Hardware ☛ Critical Copy Fail Linux Flaw Lets Hackers Gain Root Access Across Major Distros
It's not often that a major vulnerability is found in the Linux kernel, but when it does happen, it demands attention. Such is the case with "Copy Fail", which has just been found and disclosed by researchers at Xint Code. The good news is that the attack is currently a proof of concept that has yet to be seen in the wild, and patches for major Linux distributions are already in the works. The bad news is that the Copy Fail exploit requires only a tiny 732-byte Python script, and highlights a vulnerability in "every Linux distribution shipped since 2017" that allows attackers to gain root access, making it possible to fully hijack a Linux system in seconds.
-
Security Week ☛ ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.
-
OSTechNix ☛ Copy Fail: The 732-Byte Script That Roots Every Major Linux Systems
It allows an unprivileged user to trigger a deterministic 4-byte write into the kernel’s shared page cache, enabling them to corrupt the in-memory version of a setuid binary (like /usr/bin/su) to gain root access. Since the vulnerability targets the page cache (RAM) rather than the disk, the malicious modification is invisible to standard file integrity tools and does not persist after a reboot.
-
Security Affairs ☛ Copy Fail: New Linux bug enables Root via page‑cache corruption
Linux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros.
-
HackRead ☛ 9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
Offensive security research firm Theori discovered a bug in the Linux kernel that, surprisingly, has existed since 2017. The flaw, dubbed Copy Fail and tracked as CVE-2026-31431, allows a regular user to take total control of a computer system.
-
Bleeping Computer ☛ New Linux ‘Copy Fail’ flaw gives hackers root on major distros
An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions.
The vulnerability is tracked as CVE-2026-31431 and was discovered by the offensive security company Theori, using its AI-driven pentesting platform Xint Code after scanning the Linux crypto/ subsystem for about an hour.
Theori reported the finding to the Linux kernel security team on March 23, and patches became available within a week. Technical details and a proof-of-concept exploit for the flaw emerged publicly yesterday.
-
Gov Info Sec News ☛ Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros
The Linux kernel needs to be patched to fix a vulnerability that exists in every distribution of the operating system created from 2017, onward. Successfully exploiting the flaw in the kernel's cryptography API would give an attacker root-level access to the operating system.
-
Hacker News ☛ New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.
The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.
-
Cybernews ☛ One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable
All Linux kernels released after 2017 are vulnerable to critical privilege escalation bugs. A tiny 732-byte exploit grants root privileges across all major Linux distributions, with containerized environments being especially vulnerable. The proof of concept and patches are publicly available.
-
Security Boulevard ☛ Linux Kernel Flaw ‘Copy Fail’ Exposes Widespread Privilege Escalation Risk - Security Boulevard
A newly disclosed Linux kernel vulnerability is exposing a pathway for unprivileged users to gain full admin control on a wide range of systems. The flaw, identified as CVE-2026-31431 and dubbed Copy Fail, affects nearly all major Linux distros released over the past eight years.
-
IT News AU ☛ 'Copy Fail' Linux privesc bug lay dormant in kernel since 2017 - iTnews
A logic flaw sitting undetected in the Linux kernel for nearly nine years lets any unprivileged local user gain root access on virtually every mainstream Linux distribution shipped since 2017, security researchers at Theori said.
-
Dolphin Publications B V ☛ Critical kernel vulnerability affects a wide range of Linux distributions - Techzine Global
The vulnerability, known as Copy Fail and registered as CVE-2026-31431, resides in a cryptographic component of the kernel. Researchers at Theori discovered that a user without special privileges can make limited modifications to the so-called page cache of files. According to the company, this mechanism can be exploited to ultimately gain full system access.
An update:
-
Noë Flatreaud ☛ 732-Bytes to Pwn Linux Kernel | Noë Flatreaud
Copyfail (CVE-2026-31431) - recently found by Taeyang Lee with a little help from AI - doesn't do any of that.
No race. No heap spray. No KASLR bypass. No ROP chain. No compiled binary. Just a logic flaw sitting in plain sight since 2017, weaponizable in 732 bytes of Python, yielding a juicy root shell on every major distro shipped in the last nine years.
You don't even need to be fast. Just a loop, four bytes at a time, from a Python script.
So, how does it work?
Lots more today:
-
Unicorn Media ☛ Is It Panic Time? Linux’s Big Bad ‘Copy Fail’ Security Exploit
‘Copy Fail’ puts GNU/Linux users on alert as kernel patches race out and distros scramble to push them to the update channel.
-
Information Security Media Group, Corporation ☛ Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros
The Linux kernel needs to be patched to fix a vulnerability that exists in every distribution of the operating system created from 2017, onward. Successfully exploiting the flaw in the kernel's cryptography API would give an attacker root-level access to the operating system.
"An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root," said researchers at offensive security firm Theori on Wednesday of the local privilege escalation flaw, CVE-2026-31431. They nicknamed it "Copy Fail."
-
‘Copy Fail’ bug can obtain root privileges in Linux distributions since 2017
A logic bug in the Linux kernel called “Copy Fail” raised eyebrows because researchers found that a single 732-byte Python script can edit a setuid binary and obtain root privileges on essentially all Linux distributions shipped since 2017.
Combined with the speed of AI, security researchers were also concerned because Copy Fail was found in about one hour of scan time and could take over hundreds, if not thousands, of Linux systems in short order.
-
Tom's Hardware ☛ Linux exploit instantly grants administrator access on most distributions since 2017 — cryptography optimization snafu grants root privileges to local users
Zero-day exploit instantly grants administrator access on most GNU/Linux distributions since 2017
-
OSTechNix ☛ Debian 13 Trixie Just Patched Copy Fail (CVE-2026-31431) Vulnerability
The Copy Fail fix is officially available in the Debian Trixie [security] repository. Users should ensure their systems are updated to the following version or higher:
Fixed Version: 6.12.85-1
-
Ubuntu ☛ Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability
A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on April 29, 2026. The vulnerability has been assigned CVE ID CVE-2026-31431 and is referred to as Copy Fail. The affected component is a kernel module that provides hardware-accelerated cryptographic functions: algif_aead. The vulnerability affects all Ubuntu releases before Resolute (26.04).
-
TechRadar ☛ 'An hour of scan time is all it took': "Copy Fail" flaw impacts all Linux kernels released since 2017, so patch now or face the consequences
Security experts have warned of a major new vulnerability affecting Linux kernels, urging users to patch and upgrade without delay.
The critical privilege escalation flaw, discovered by experts at Theori and dubbed "Copy Fail" can grant root privileges across all major Linux distributions, with containerized environments being especially vulnerable.
-
Dark Reading ☛ Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The vulnerability, which researchers at Xint are calling "Copy Fail," has officially been given the designation CVE-2026-31431. It allows any local user to escalate root by leveraging a logic flaw in the Linux kernel's cryptography system. The flaw allows any unprivileged attacker to write four specific bytes of data to the in-memory copy of a readable file, to essentially piggyback on the program's default root powers.
-
Help Net Security ☛ Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel.
The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is publicly available.
-
WARNING: New Linux Vulnerability Enables Root Access Across Every Major Linux Distribution
A newly disclosed security flaw in the Linux kernel is raising serious concerns across the cybersecurity community, after researchers revealed that it can grant full root access on a wide range of systems with remarkable reliability.
-
Kaspersky ☛ Information about the Copy Fail vulnerability, which allows attackers to gain root access on virtually any modern Linux distribution
A working exploit written in Python (later released in other programming languages as well) consists of about ten lines of code and uses standard system calls that are indistinguishable from normal system activity. We explain what the CVE-2026-31431 vulnerability, unofficially named as Copy Fail and published on April 29, is. We also have some advice on its mitigation and detection.
-
Computing UK ☛ Nine-year-old high-severity Linux bug discovered
Security researchers have unearthed a high severity local privilege escalation bug that affects almost all Linux distributions and dates back to 2027.
The vulnerability has been named “Copy Fail” (CVE-2026-31431, CVSS 7.8, high severity) and was discovered by the Xint Code Research Team at bug bounty platform Theori.
-
Dolphin Publications B V ☛ Linux distributions worldwide targeted by the Copy Fail exploit
An exploit for the “Copy Fail” security vulnerability (CVE-2026-31431) in the Linux kernel has been made public. The vulnerability affects all major Linux distributions released since 2017 and grants attackers without administrator privileges full root access. Patches are available in new kernel versions; those who have not yet patched can disable the algif_aead module as a mitigation measure. The vulnerability, disclosed before a fix was ready, has caused frustration within the Linux community.
-
The Record ☛ Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw
Security researchers and European cybersecurity officials are urging administrators to address the risk posed by a newly discovered security flaw that has been hiding in the Linux operating system for nearly a decade.
The bug allows anyone with a basic account on an affected computer to seize full administrative control. It also works as an escape route from cloud containers, meaning a compromised application running inside a supposedly isolated environment can break out and take control of the entire host server — a major risk given the cloud industry’s dependence on Linux distributions.
-
InfoSecurity Magazine ☛ Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher
A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI.
This nine-year-old flaw, dubbed ‘Copy Fail’, was discovered by Taeyang Lee, a vulnerability researcher at offensive security firm Theori
-
HowTo Geek ☛ Linux faces its largest security threat in years—here's how to deal with Copy Fail
The Linux community is dealing with its gravest security risk since 2022's Dirty Pipe. Researchers at cybersecurity firm Theori have shared details of Copy Fail, a vulnerability that gives attackers root access to nearly all Linux distributions with relatively little effort.
-
CSO ☛ ‘Trivial’ exploit can give attackers root access to Linux kernel
CSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017.
Until fixes are available for what’s been dubbed the Copy Fail logic bug (CVE-2026-31431), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.
-
TechSpot ☛ "Copy Fail" is a rare Linux bug that can turn an unprivileged user into a root admin in seconds
Security researchers recently unveiled "Copy Fail," a bug that could potentially bring the entire Linux ecosystem to a screeching halt. The flaw can be reliably exploited across all Linux-based systems, both on local machines and in cloud environments. Vendors are now scrambling to patch the issue.
Rated 7.8:
-
OSTechNix ☛ Fix Copy Fail (CVE-2026-31431) on Ubuntu and Linux Mint
Copy Fail (CVE-2026-31431) is a Linux kernel local privilege escalation vulnerability that lets any unprivileged local user gain root access on virtually every Linux distribution built since 2017. It carries a CVSS score of 7.8 (HIGH).
Ubuntu has released a mitigation through the kmod package that blocks the vulnerable algif_aead module.
To fix it on Ubuntu and its derivatives like Linux Mint, do the following: [...]
-
Jan Wildeboer ☛ PSA on Copy Fail (CVE-2026-31431)
This is a short PSA (Public Service Announcement) on how I dealt with the Copy Fail vulnerability. This will be updated as soon as the updated kernel packages are made available. This is a pragmatic post on how to deploy a mitigation RIGHT NOW.
4 more and some trolls:
-
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments [Ed: Microsoft trash-talking the competition while putting back doors in Windows]
-
Neowin ☛ Microsoft, CISA warn on flaw affecting millions of systems running major Linux distros [Ed: Microsoft is concern-trolling the thing it spent decades attacking]
-
The Verge ☛ Severe Linux Copy Fail security flaw uncovered using AI scanning help
Some distributions have already released patches or mitigations for the exploit, including Arch Linux and RedHat Fedora.
-
Hackster ☛ Researchers Warn of an Easily-Exploitable Privilege Escalation Vuln in Linux: Copy Fail
Security researchers have warned of a local privilege execution vulnerability in the Linux kernel, exploitable via a small Python script across a wide variety of distributions — and affecting kernel versions stretching back to 2017: Copy Fail.
Many more today:
-
Russell Coker ☛ Russell Coker: Copy Fail on Debian and SE Linux
I have just learned of the Copy Fail kernel vulnerability [1] thanks to alexanderkjall@mastodon.social (who I have just followed on Mastodon and I recommend that you follow too). The question for me (after installing the patched kernel on the systems of mine that are most exposed) is whether SE Linux would have stopped that.
-
Help Net Security ☛ Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
-
US CISA adds ‘insane’ Linux Copy Fail flaw to watch list
The flaw, titled “Copy Fail,” caught the attention of the US Cybersecurity and Infrastructure Agency (CISA), who added it to the Known Exploited Vulnerabilities (KEV) catalog on Saturday, warning it poses “significant risks to the federal enterprise.”
-
CISA adds Linux Copy Fail flaw to exploited bug list
A newly disclosed Linux security flaw has drawn attention from U.S. cyber officials after researchers warned that attackers could use a small Python script to gain root access on affected systems.
-
Hacker News ☛ CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The nine-year-old flaw is also tracked as Copy Fail by Theori and Xint. Fixes have been made available in Linux kernel versions 6.18.22, 6.19.12, and 7.0.
Still in headlines, Microsoft FUD included:
-
Linux Kernel Elevation of Privilege Vulnerability
A vulnerability was identified in Linux Kernel. A local attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system.
-
Forbes ☛ Update Linux Now As 9-Year-Old Root Hack Confirmed, CISA Warns Users
With more than 27 million active users and powering 75% of all web-facing servers, it’s surprising that we don’t hear more about Linux security issues. Which isn’t to say they don’t occur, but media headlines tend to focus more on Windows users than on Linux users. However, when a nine-year-old security vulnerability that can grant an attacker root access in just 732 bytes of code is confirmed, impacting “every major Linux distribution,” according to the researchers who uncovered it, you’d better start paying attention. The U.S. Cybersecurity and Infrastructure Agency has very quickly added the vulnerability, known colloquially as Copy Fail, to its known exploited vulnerabilities catalog within just 24 hours of the official disclosure. Here’s what you need to know, and more importantly, what you need to do as a matter of some urgency.
-
PC World ☛ Linux 'Copy Fail' flaw lets anyone hijack system privileges. Update ASAP
Xint Code discovered the flaw in Linux’s authencesn cryptographic template, which “lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system.” In other words, anyone can potentially change the cached copy of any file in memory without actually changing the real file.
-
Security Week ☛ Exploitation of ‘Copy Fail’ Linux Vulnerability Begins [Ed: Microsoft owns and speaks for Linux now? This is insane 'reporting']
CISA has added the bug to its KEV list, and Abusive Monopolist Microsoft has observed limited exploitation, mainly associated with PoC testing.
-
Scoop News Group ☛ ‘Copy Fail’ is a real Linux security crisis wrapped in Hey Hi (AI) slop
The actively exploited defect could affect every mainstream GNU/Linux distribution built since 2017, but some researchers found Theori’s AI-generated disclosure unhelpful and lacking.
-
Tom's Hardware ☛ CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack
CISA warns of the actively exploited “Copy Fail” Linux flaw (CVE-2026-31431), enabling root access, with a public exploit released before patches were ready.
-
Security Affairs ☛ U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Recently, Xint Code researchers warned of a serious Linux flaw, tracked as CVE-2026-31431, dubbed Copy Fail. It lets any local, unprivileged user write four controlled bytes into the page cache of any readable file, enabling escalation to root on major distributions.
The bug combines AF_ALG and splice() to write 4 bytes into the page cache of any readable file. A 732-byte script can modify a setuid binary in memory, without changing the file on disk, making detection difficult. The issue affects major distributions like Ubuntu, RHEL, SUSE, and Amazon Linux, and can even cross container boundaries due to shared page cache.
Terrible coverage, some of it slop, some cites Microsoft as Linux authority:
-
Linux Magazine ☛ Microsoft Issues Warning About Linux Vulnerability [Ed: Microsoft as 'spokesperson' for Linux now?]
The company behind backdoored Windows has released information about a flaw that affects millions of GNU/Linux systems.
-
Microsoft warns of high-severity Linux privilege escalation flaw
-
Linux Copy Fail vulnerability puts cloud systems at risk [Ed: Citing Microsoft again as authority on Linux]
The vulnerability has a CVSS score of 7.8. Microsoft said it affects Linux kernels released from 2017 until patched versions are applied.
-
PC Perspective ☛ Ubuntu And Canonical’s Lousy Thursday
Thursday was a lousy day for Ubuntu users and Canonical as they found themselves under a DDoS attack which took down their site. That meant that it became rather challenging to get the patch for CopyFail, a rather terrifying threat to all Linux systems which was discovered last week. The good news was that mirror sites could still be reached, so with a little extra effort systems were still being patched.
-
Heise ☛ Linux vulnerability "Copy Fail" is already being attacked
Updated Linux source code has been available for about two weeks. Greg Kroah-Hartman has announced the first patches for kernels 6.18.22, 6.19.12, and 7.0 and has indicated further backports. Most Linux distributions now also offer corrected installation packages. IT managers should download and install them quickly.
-
Copy Fail bug added to CISA’s list of known exploited vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) on May 1 added the “Copy Fail” bug to its Known Exploited Vulnerabilities (KEV) catalog.
Security pros were concerned about CVE-2026-31431 when it was first reported last week because a single 732-byte Python script could obtain root privileges on essentially all Linux distributions shipped since 2017.
-
Bleeping Computer ☛ CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit.
Tracked as CVE-2026-31431, this security flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface and enables unprivileged local users to gain root privileges on unpatched Linux systems by writing four controlled bytes to the page cache of any readable file.
-
U.S. government warns of severe CopyFail bug affecting major versions of Linux
U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and datacenters that rely on Linux.
-
Critical Linux flaw "CopyFail" is being actively exploited — federal agencies have until May 15 to patch
A critical Linux kernel vulnerability called CopyFail is under active exploitation, and US federal agencies have a hard deadline of May 15 to apply fixes. The flaw affects the vast majority of Linux systems built since 2017 — including Ubuntu, Red Hat Enterprise Linux, Amazon Linux, and SUSE — and gives an attacker full root control over a compromised machine. For anyone running Linux servers, cloud workloads, or containerized infrastructure, this one demands immediate attention.
-
US Government Warns of Critical ‘Copy Fail’ Linux Bug as Active Exploitation Begins - CXO Digitalpulse
-
MLQ ☛ CISA Elevates CopyFail Linux Flaw to Actively Exploited Vulnerabilities List [Ed: This seems to be LLM slop disguised as "news"]
-
Critical Copy Fail Flaw Puts Millions of Linux Systems at Risk
I think this is one of those moments where the scale of risk feels bigger than the current attacks. Even if exploitation is still limited, the combination of wide exposure and easy privilege escalation makes this a serious wake up call. Linux runs the backbone of the internet, and a flaw like this shows how quickly things can spiral if patching is delayed. If I were running any infrastructure, this would be top priority right now.
Still all over the news:
-
antiX Linux ☛ Copy Fail Kernel upgrades available
Users are strongly recommended to update to one of the latest available antiX kernels for antiX-26, antiX-23, antiX-22/21 and antiX-sid/testing: 5.10.254-antix.1, 6.6.137-antix.1 (x64 only)
-
CopyFail Bug Lets Attackers Seize Root on Almost Every Linux System
A freshly weaponized hole in the Linux kernel has security teams working overtime, and the U.S. government wants federal systems patched before the middle of May. Researchers nicknamed the flaw CopyFail, and after exploit code went public, attackers wasted no time putting it to work against real machines.
-
Graham Cluley ☛ Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
Meanwhile, the IT press is in a frenzy over a new Linux bug called “Copy Fail” – complete with logo, dedicated website, and a marketing-friendly name. But is it really the disaster everyone’s making it out to be?
-
CopyFail in Linux: a critical vulnerability that gives full system control
US government structures are sounding the alarm: a vulnerability has been discovered in the Linux ecosystem that can give attackers full access to the system. This is a bug with the code CVE-2026-31431, which was unofficially named CopyFail. Although the patch has already been released, much of the infrastructure around the world is still at risk.
-
ZDNet ☛ This critical Linux vulnerability is putting millions of systems at risk - how to protect yours
CVE-2026-31431, also known as Copy Fail, is a critical Linux kernel vulnerability that's been hiding out since 2017 and is now getting the security spotlight it deserves.
-
SUSE Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, security restriction bypass, sensitive information disclosure, remote code execution and data manipulation on the targeted system.
-
Debian Linux Kernel Multiple Vulnerabilities
CVE-2026-31431 is being exploited in the wild. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.
-
It's FOSS ☛ Should You Be Worried About The Copy Fail Linux Exploit?
It's been patched, but cloud and container users should update sooner than later.
[...]
The actual file on disk stays intact the whole time, so any tool checking file integrity will see nothing wrong. The exploit is just a 732-byte Python script that doesn't require any additional dependencies or compilation.
-
The Register UK ☛ Attackers are cashing in on fresh 'CopyFail' Linux flaw
CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.