
"Copy Fail allows an attacker with local code execution privileges to modify the in-memory copy of any setuid-root binary readable by the user, thus achieving root shell access."
"The vulnerability poses a high risk for multi-tenant Linux environments, as well as for shared-kernel containers and CI runners executing untrusted code."
"According to Theori, successful exploitation can be achieved with a simple 732-byte Python script, on essentially any Linux distribution shipped since 2017."
"Copy Fail differs from both Dirty Pipe, a page cache corruption flaw that abuses pipe buffer flags, and Dirty Cow, which exploits a race condition in the COW path."
A critical logic bug in the Linux kernel, tracked as CVE-2026-31431 and named Copy Fail, enables unprivileged attackers to write code into the in-memory copies of other files, potentially gaining root shell access. The vulnerability affects all Linux distributions since 2017 and is linked to the kernel's AEAD template used in IPsec. Because the flaw allows modification of the in-memory copies of setuid-root binaries, it poses significant risks in multi-tenant environments and shared-kernel containers. Organizations are urged to update their systems promptly to mitigate this threat.
Read at SecurityWeek