Cve-2026-31431: koko tarina

The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. Cve-2026-31431 nousee tänä lauantai yhdeksi aiheista, jotka kiinnittävät huomion maassa Finland.

Faktat

• The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori.
• The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.
• A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.
• Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the Xint Code Research Team using AI-assisted analysis.
• Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.

Mitä tiedämme

Yksityiskohtaisesti, the newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.

Konkreettisesti, a critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.

Lisäksi Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the Xint Code Research Team using AI-assisted analysis.

On syytä huomata, että Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root.

Tässä vaiheessa the issue was introduced in a source code commit made in August 2017.

Luvut

Yksityiskohtaisesti, Successful exploitation of the shortcoming could allow a simple 732-byte Python script to edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017, including Amazon Linux, RHEL, SUSE, and Ubuntu.

Konkreettisesti, Open an AF_ALG socket and bind to authencesn(hmac(sha256),cbc(aes)).

Lisäksi Copy Fail has its echoes in Dirty Pipe (CVE-2022-0847), another Linux kernel LPE vulnerability that could permit unprivileged users to splice data into the page cache of read-only files and ultimately overwrite sensitive files on the system to achieve code execution.

On syytä huomata, että the 2017 in-place optimization in algif_aead allows a page-cache page to end up in the kernel’s writable destination scatterlist for an AEAD operation submitted over an AF_ALG socket.

Tausta

On syytä huomata, että: Patches land for authencesn flaw enabling local privilege escalation.

Tässä vaiheessa the proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on almost all Linux distributions released since 2017.

Yksityiskohtaisesti, Microsoft's patch for a 0-day exploited by Russian spies fell short.

Konkreettisesti, the CVE has been rated High severity, 7.8 out of 10.

Lisäksi Unlike predecessors such as Dirty Cow (CVE-2016-5195) or Dirty Pipe (CVE-2022-0847), this vulnerability requires no race-winning, no kernel version offsets, no recompilation, and no compiled payloads.

Yhteenveto

• The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.
• A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.
• The issue was introduced in a source code commit made in August 2017.