
"An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root. The kernel reads the page cache when it loads a binary, so modifying the cached copy amounts to altering the binary for the purpose of program execution."
"Copy Fail is similar to other LPE bugs such as Dirty Cow and Dirty Pipe, but its finders claim it doesn't require winning a race condition and it's more broadly applicable. The proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on almost all Linux distributions released since 2017."
"The vulnerability also represents a potential container escape primitive that could affect Kubernetes nodes, because the page cache is shared across the host. Linux distros Debian, Ubuntu, and SUSE have issued patches for the problem, as have overseers of other distros."
A local privilege escalation vulnerability, Copy Fail (CVE-2026-31431), has been identified in the Linux kernel's authencesn cryptographic template. An unprivileged user can manipulate the page cache of readable files to gain root access. The exploit is a simple Python script that modifies setuid binaries. While not remotely exploitable on its own, it poses risks when combined with other vulnerabilities. The issue is particularly concerning for multi-tenant systems and shared-kernel containers. Major Linux distributions have begun issuing patches, and the vulnerability carries a high severity rating of 7.8 out of 10.
Read at The Register