Linux cryptographic code flaw offers fast route to root • The Register


Developers of major Linux distributions have begun shipping patches to tackle a local privilege escalation (LPE) vulnerability arising from a logic flaw.

The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), stems from a vulnerability in the Linux kernel’s authencesn cryptographic template.

“An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root,” the writeup from security biz Theori explains.

The kernel reads the page cache when it loads a binary, so modifying the cached copy amounts to altering the binary for the purposes of program execution. But doing so does not trigger any defenses focused on file system events, like inotify.

The proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on nearly all Linux distributions released since 2017.

Copy Fail is similar to other LPE bugs such as Dirty Cow and Dirty Pipe, but its finders claim it doesn't require winning a race condition and is more generally applicable.

It’s not remotely exploitable on its own – hence LPE – but when chained with a web RCE, malicious CI runner, or SSH compromise, it could be relevant to an external attacker. The bug is of most immediate concern to those using multi-tenant Linux systems, shared-kernel containers, or CI runners that execute untrusted code.

According to Theori, the vulnerability also represents a potential container escape primitive that could affect Kubernetes nodes, because the page cache is shared across the host.

Linux distros Debian, Ubuntu and SUSE have issued patches for the issue, as have maintainers of other distros.

Red Hat initially said it was going to defer the fix but later changed its guidance to indicate it would align with other distros and patch promptly.

The CVE has been rated High severity, 7.8 out of 10.

Theori researcher Taeyang Lee identified the vulnerability, with the help of the company’s AI security scanning software, Xint Code.

The number of bug reports has risen in recent months, helped by AI-powered flaw-finders. Microsoft just reported the second largest number of patches ever.

Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, expects this is due to security teams using AI to hunt bugs. “There are many things we could speculate on to justify the size, but if Microsoft is like the other programs out there (including ours), they are likely seeing a rise in submissions found by AI tools,” he wrote earlier this month.

AI-assisted vulnerability research recently prompted the Internet Bug Bounty (IBB) program to suspend awards until it can understand how to handle the growing volume of reports. ®
