"'Local privilege escalation' sounds dry, so let me unpack it. It means: an attacker who already has some way to run code on the machine, even as the most boring unprivileged user, can promote themselves to root. From there they can read every file, install backdoors, watch every process, and pivot to other systems."
"The same Python script Theori released works reliably for Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12."
A newly disclosed vulnerability, CVE-2026-31431, known as CopyFail, allows local privilege escalation on various Linux distributions. Researchers from Theori released exploit code that works across all affected versions without modification. Although the Linux kernel security team issued patches for several versions, many distributions had not yet implemented these fixes. The exploit enables attackers to gain root access, compromising systems, breaking out of containers, and executing malicious actions through CI/CD workflows.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]