Linux cryptographic code flaw offers fast route to root • The Register

Staff Editor 2026-04-29
Linux cryptographic code flaw offers fast route to root • The Register

Linux cryptographic code flaw offers fast route to root • The Register

https://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/

Publish Date: 2026-04-29 20:01:00

Source Domain: www.theregister.com

Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.

The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel’s authencesn cryptographic template.

“An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root,” the writeup from security biz Theori explains.

The kernel reads the page cache when it loads a binary, so modifying the cached copy amounts to altering the binary for the purpose of program execution. But doing so doesn’t trigger any defenses focused on file system events like inotify.

The proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on almost all Linux distributions released since 2017.

Copy Fail is similar to other LPE bugs such as Dirty Cow and Dirty Pipe, but its finders claim it doesn’t require winning a race condition and it’s more broadly applicable.

It’s not remotely exploitable on its own – hence LPE – but if chained with a web RCE, malicious CI runner, or SSH compromise, it could be relevant to an external attacker. The bug is of most immediate concern to those using multi-tenant Linux systems, shared-kernel containers, or CI runners that execute untrusted code.

According to Theori, the vulnerability also represents a potential container escape primitive that could affect Kubernetes nodes, because the page cache is shared across the host.

Linux distros Debian, Ubuntu, and SUSE have issued patches for the problem, as have overseers of other distros.

Red Hat initially said it was going to defer the fix but later changed its

guidance to indicate it will go along with other distros and patch…

Source

More Stories

Proton Drive just got 3x faster, and Linux users will finally get what they’ve been asking for

Proton Drive just got 3x faster, and Linux users will finally get what they’ve been asking for

Staff Editor 2026-06-06
Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue

Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue

Staff Editor 2026-06-05
Proton Drive is Now a Lot Faster and it’s Coming Soon to Linux

Proton Drive is Now a Lot Faster and it’s Coming Soon to Linux

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy