"An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root."
"Successful exploitation of the shortcoming could allow a simple 732-byte Python script to edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017."
"While the vulnerability is not remotely exploitable in isolation, a local unprivileged user can get root simply by corrupting the page cache of a setuid binary."
""Copy Fail is the same class of primitive, in a different subsystem," Bugcrowd's David Brumley."
A Linux local privilege escalation vulnerability, tracked as CVE-2026-31431, allows unprivileged users to obtain root access. The flaw, with a CVSS score of 7.8, is due to a logic error in the Linux kernel's cryptographic subsystem, specifically in the algif_aead module. Introduced in 2017, it can be exploited using a short Python script to manipulate the page cache of setuid binaries. Although not remotely exploitable, it poses risks across containers as the page cache is shared. Linux distributions have issued advisories in response to this vulnerability.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]