Copy Fail: Critical Linux Kernel Vulnerability Allows Root Access via Simple Exploit
Severity: High (Score: 74.0)
Sources: security-tracker.debian.org, The Register, Xint, Reddit, ubuntu.com
Summary
A newly discovered local privilege escalation vulnerability, Copy Fail (CVE-2026-31431), affects major Linux distributions, allowing unprivileged users to gain root access by executing a 732-byte Python script. The exploit modifies the page cache of readable files without altering the on-disk version, evading traditional integrity checks. The vulnerability impacts all Linux distributions released since 2017, including Ubuntu, RHEL, and SUSE. It can also cross container boundaries, posing risks for multi-tenant systems and Kubernetes environments. Patches have been released by several major Linux distributions, including Debian and Ubuntu, while Red Hat has reversed its initial decision to delay a fix. The CVE has been rated high severity, with a score of 7.8 out of 10. The vulnerability is not remotely exploitable by itself but could be chained with other vulnerabilities for broader attacks. The discovery was aided by AI tools, highlighting a trend in vulnerability research.

Key Points:
- Copy Fail (CVE-2026-31431) allows root access via a simple 732-byte script on major Linux distros.
- The exploit modifies the page cache, bypassing traditional integrity checks and affecting container environments.
- Patches have been released by multiple Linux distributions, with Red Hat reversing its initial delay on fixes.
Key Entities
- Zero-day Exploit (attack_type)
- Internet Bug Bounty (ibb) Program (company)
- Microsoft (company)
- Theori (company)
- Trend Micro (company)
- SUSE (company)
- CVE-2016-5195 (cve)
- CVE-2022-0847 (cve)
- CVE-2026-31431 (cve)
- CWE-269 - Improper Privilege Management (cwe)
- CWE-787 - Out-of-bounds Write (cwe)
- T1059.006 - Python (mitre_attack)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- Amazon Linux (platform)
- Kubernetes (platform)
- Linux (platform)
- RHEL (platform)
- Python (tool)
- Copy Fail (vulnerability)
- Dirty COW (vulnerability)
- Dirty Pipe (vulnerability)