flash on Nostr: ⚡🚨 NEW - A newly discovered security vulnerability known as Copy Fail, or ...
⚡🚨 NEW - A newly discovered security vulnerability known as Copy Fail, or CVE-2026-31431, has been disclosed in the Linux kernel.
It affects virtually every major Linux distribution released since 2017.
The flaw sits in the kernel’s cryptographic subsystem and stems from a logic error introduced back in 2017:
- It allows any local user without special privileges to escalate directly to root.
- The exploit is unusually simple: a short Python script can reliably achieve this by modifying data only in the system’s memory cache rather than on disk.
- In practice, an attacker can target any readable file, such as a setuid-root binary like sudo or su, and alter it only in RAM.
- The change is invisible to file integrity monitors and leaves no trace on the hard drive.
- The same technique also works from inside containers, potentially allowing an escape from Docker, Kubernetes, or similar environments to compromise the host server.
- This makes Copy Fail both stealthy and highly portable across systems.
Patches have already begun rolling out from major distributors. System administrators should apply the latest kernel updates and reboot as soon as possible.
Published at 2026-04-30 18:56:32 UTC