Critical Linux Kernel Vulnerability 'Copy Fail' Allows Root Access Across Major Distros

Severity: High (Score: 72.0)

Sources: Cybernews, Itnews.Au, News.Ycombinator, ubuntu.com, Theregister

Summary

A newly disclosed local privilege escalation vulnerability, identified as Copy Fail (CVE-2026-31431), affects virtually all major Linux distributions released since 2017. This flaw allows unprivileged local users to execute a 732-byte Python script that modifies the page cache of readable files, enabling root access without altering the on-disk file. The vulnerability stems from a logic flaw in the Linux kernel's authencesn cryptographic template and has been rated with a severity score of 7.8 out of 10. Major distributions including Ubuntu, RHEL, and SUSE have begun issuing patches. The exploit is particularly concerning for environments using multi-tenant systems or shared-kernel containers, as it can cross container boundaries. The vulnerability was discovered by Theori researcher Taeyang Lee, aided by AI tools. A second part of the disclosure will address its implications for Kubernetes container escapes. Immediate patching is recommended for affected systems.

Key Points:

  • Copy Fail (CVE-2026-31431) allows unprivileged users to gain root access on major Linux distros.
  • The exploit is a simple 732-byte Python script that modifies the page cache, evading integrity checks.
  • Patches have been released by major Linux distributions, and immediate action is advised for affected systems.

Key Entities

  • Zero-day Exploit (attack_type)
  • Internet Bug Bounty (IBB) Program (company)
  • Microsoft (company)
  • Theori (company)
  • Trend Micro (company)
  • Debian (company)
  • CVE-2016-5195 (cve)
  • CVE-2022-0847 (cve)
  • CVE-2026-31431 (cve)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-787 - Out-of-bounds Write (cwe)
  • T1059.006 - Python (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • Alma (platform)
  • Amazon Linux (platform)
  • Arch (platform)
  • Kubernetes (platform)
  • Linux (platform)
  • Docker (tool)
  • GitHub Actions (tool)
  • Python (tool)
  • Xint Code (tool)
  • Copy Fail (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Pipe (vulnerability)
  • Pack2TheRoot (vulnerability)