'An hour of scan time is all it took': "Copy Fail" flaw impacts all Linux kernels released since 2017, so patch now or face the consequences
Date:
Fri, 01 May 2026 12:10:00 +0000
Description:
Linux users should update their servers now, or face possible attack.
FULL STORY ======================================================================
Experts reveal "CopyFail" flaw affecting Linux distros
All Linux kernels released after 2017 are vulnerable
Users urged to patch now or risk account takeover
Security experts have warned of a major new vulnerability affecting Linux kernels, urging users to patch and upgrade without delay.
The critical privilege escalation flaw, discovered by experts at Theori and dubbed "Copy Fail", can grant root privileges across all major Linux distributions, with containerized environments being especially vulnerable. All Linux kernels released after 2017 are vulnerable to the issue, which could allow an unprivileged local attacker to gain root permissions - but patches are available now for users to secure their systems.
Update now
Tracked as CVE-2026-31431, the issue is a straight-line logic flaw requiring no race conditions or kernel-specific offsets, and the exploit is just 732 bytes of Python code that roots Ubuntu, Amazon Linux, RHEL, and SUSE.
It added the issue "is a logic bug in the Linux kernel's authencesn cryptographic template", which means an authenticated user can reliably perform a "4-byte write into the page cache of any readable file on the system."
BleepingComputer notes that by combining the AF_ALG socket-based interface, which gives access to the Linux kernel crypto functions from user space, with the splice() system call, an unprivileged user can make a 4-byte controlled write in the page cache of a file instead of a normal buffer - and if those 4 bytes hit a setuid-root binary, they can alter its behavior when executed, giving the attacker root privileges.
Theori says it found the flaw using Xint Code, its AI-powered pentesting platform, which had been tasked with scanning the Linux crypto/ subsystem for issues.
Same script, four distributions, four root shells in one take. The same exploit binary works unmodified on every Linux distribution, its blog post explains.
Theori says it reported its finding to the Linux kernel security team on March 23, 2026, and patches became available within a week. It also created a proof-of-concept exploit for the flaw, which it says is "100% reliable" across the major Linux distros listed above.
"Copy Fail is not a story about a single bug, or about one team's tooling. It's a data point that the cost of finding deep logic flaws may have dropped by something like an order of magnitude," noted David Brumley, Chief AI and Science Officer at Bugcrowd.
"If your threat model still budgets kernel LPEs as rare, you probably have weeks to update that - not years."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/an-hour-of-scan-time-is-all-it-took-copy-fail-flaw-impacts-all-linux-kernels-released-since-2017-so-patch-now-or-face-the-consequences
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)