A high-severity Linux kernel flaw dubbed ‘Copy Fail’ allows unprivileged users to gain root access across major distributions. The bug, present since 2017, exploits a cryptographic subsystem issue to overwrite cached files. Researchers warn the exploit is reliable and works across systems, prompting urgent patch advisories from vendors.
A high-severity vulnerability lurking in the Linux kernel since 2017 has been publicly disclosed, and it allows an unprivileged local user to gain full root access on virtually every major Linux distribution. Researchers have named the flaw 'Copy Fail', and it is drawing immediate comparisons to some of the most notorious Linux security bugs in recent memory.
What is the vulnerability?
Tracked as CVE-2026-31431 with a CVSS score of 7.8, Copy Fail was uncovered and named by researchers at Xint.io and Theori. The flaw allows an unprivileged local user to write four controlled bytes into the page cache of any readable file on a Linux system, which can then be leveraged to obtain root privileges.
At its core, the bug stems from a logic flaw in the Linux kernel's cryptographic subsystem, specifically within the 'algif_aead' module, introduced via a source code commit made in August 2017.
-
Hundreds of TVK supporters return disappointed from cancelled swearing in ceremony venue
-
Doctor explains what you need to know about hantavirus as 3 evacuated from cruise ship
-
Nationwide update over payment rules for these customers
-
'Unimaginative': President's menu for Vietnam leader, UP food list trigger criticism, jokes online
-
Saturday Night Live UK renewed despite viewer backlash 'excruciating'
