{"id":237264,"date":"2026-04-29T23:23:00","date_gmt":"2026-04-30T03:23:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017\/"},"modified":"2026-04-30T00:20:11","modified_gmt":"2026-04-30T04:20:11","slug":"copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/29\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017\/","title":{"rendered":"&#8216;Copy Fail&#8217; Linux privesc bug lay dormant in kernel since 2017"},"content":{"rendered":"<p><a href=\"https:\/\/www.itnews.com.au\/news\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017-625492\">&#8216;Copy Fail&#8217; Linux privesc bug lay dormant in kernel since 2017<\/a><\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017-625492\">https:\/\/www.itnews.com.au\/news\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017-625492<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-29 23:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.itnews.com.au\">www.itnews.com.au<\/a><\/p>\n<p>A logic flaw sitting undetected in the Linux kernel for nearly nine years lets any unprivileged local user gain root access on virtually every mainstream Linux distribution shipped since 2017, security researchers at Theori said.<\/p>\n<p>The vulnerability, CVE-2026-31431, is named Copy Fail\u00a0and carries a severity rating of 7.8 out of 10.<\/p>\n<p>It affects Ubuntu, Amazon Linux, Red Hat Enterprise Linux, SUSE, and others, spanning multiple kernel lines since 2017.<\/p>\n<p>Unlike earlier high-profile Linux privilege escalation bugs such as Dirty Cow, Copy Fail requires no race condition, no kernel-version-specific offsets, and no compiled payload to exploit.<\/p>\n<p>&#8220;The same exact script works on every tested distribution and architecture,&#8221; 
Theori&#8217;s Xint Code research team said in their technical report.<\/p>\n<p>That exploit is a 732-byte Python script using only standard library modules, and it works unmodified across every distribution the researchers tested.<\/p>\n<p>The root cause lies in the intersection of three independent kernel changes spanning 2011 to 2017, none of which was problematic in isolation.<\/p>\n<p>A 2017 performance optimisation to algif_aead.c switched the kernel&#8217;s authenticated encryption with associated data (AEAD) cryptographic interface to in-place operation.<\/p>\n<p>This meant that the same memory region served as both input and output during decryption.<\/p>\n<p>As a result, cached memory pages fed into the cryptographic subsystem via\u00a0splice() were left sitting inside a buffer the Linux kernel could write into.<\/p>\n<p>Meanwhile, a separate component, the authencesn cryptographic template used by the IPsec protocol suite&#8230;<\/p>\n<p><a href=\"https:\/\/www.itnews.com.au\/news\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017-625492\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8216;Copy Fail&#8217; Linux privesc bug lay dormant in kernel since 2017 https:\/\/www.itnews.com.au\/news\/copy-fail-linux-privesc-bug-lay-dormant-in-kernel-since-2017-625492 Publish Date: 
2026-04-29&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237265,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/i.nextmedia.com.au\/News\/penguins_in_lederhosen.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,89,71,94,57,79,27],"class_list":["post-237264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-flaw","tag-linux","tag-red-hat-enterprise-linux","tag-security","tag-ubuntu","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237264"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237264"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237264\/revisions"}],"predecessor-version":[{"id":237266,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237264\/revisions\/237266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237265"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}