{"id":237878,"date":"2026-05-01T06:45:00","date_gmt":"2026-05-01T10:45:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/zero-day-flaw-in-linux-kernel-found-by-ai-equipped-security-researcher\/"},"modified":"2026-05-01T10:45:11","modified_gmt":"2026-05-01T14:45:11","slug":"zero-day-flaw-in-linux-kernel-found-by-ai-equipped-security-researcher","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/01\/zero-day-flaw-in-linux-kernel-found-by-ai-equipped-security-researcher\/","title":{"rendered":"Zero-Day Flaw in Linux Kernel Found by AI-Equipped Security Researcher"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/zero-day-2017-linux-kernel\/\">Zero-Day Flaw in Linux Kernel Found by AI-Equipped Security Researcher<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/zero-day-2017-linux-kernel\/\">https:\/\/www.infosecurity-magazine.com\/news\/zero-day-2017-linux-kernel\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-01 06:45:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI.<\/p>\n<p>This nine-year-old flaw, dubbed \u2018Copy Fail\u2019, was discovered by Taeyang Lee, a vulnerability researcher at offensive security firm Theori<\/p>\n<p>Lee openly disclosed he used Xint Code, a source code analyzing tool part of Theori\u2019s AI-driven penetration testing platform, Xint.io, to discover the vulnerability.<\/p>\n<p>He reported the vulnerability to the Linux kernel security team on March 23, who started working on a patch over the next few days.<\/p>\n<p>The Linux kernel security team assigned Copy Fail a unique CVE identifier, CVE-2026-31431, on April 22 and Xint.io publicly disclosed it seven days later.<\/p>\n<h2><strong>Copy Fail: An Old\u00a0Linux Kernel Vulnerability<\/strong><\/h2>\n<p>Copy Fail is a logic bug in the Linux kernel&#8217;s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled four-byte write into the page cache of any readable file on the system.<\/p>\n<p>Exploiting this vulnerability can allow an attacker to gain root access to the Linux kernel of a machine for all Linux distributions shipped since 2017.<\/p>\n<p>While it requires no network access, no kernel debugging features and no pre-installed primitives to successfully exploit the vulnerability, the attacker must have physical access to the target machine, with an unprivileged local user account.<\/p>\n<p>The vulnerability poses a risk to multi-user shared systems, container clusters (Kubernetes, Docker, etc.), and similar environments. A regular user could potentially access other users&#8217; data as a result.<\/p>\n<p>The vulnerability has been attributed a high-severity rating (CVSS) of 7.8.<\/p>\n<p>Theori has published a proof-of-concept (PoC) exploit so defenders can verify their own systems and validate vendor patches.<\/p>\n<p>The patch is now available. It reverts the optimization for Authenticated Encryption with Associated Data (AEAD) operations that was added in 2017.<\/p>\n<p>&#8220;Update your distribution\u2019s&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/zero-day-2017-linux-kernel\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zero-Day Flaw in Linux Kernel Found by AI-Equipped Security Researcher https:\/\/www.infosecurity-magazine.com\/news\/zero-day-2017-linux-kernel\/ Publish Date: 2026-05-01 06:45:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237879,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/714a9e81-2320-440b-81ef-533866751d44.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,27],"class_list":["post-237878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237878"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237878"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237878\/revisions"}],"predecessor-version":[{"id":237880,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237878\/revisions\/237880"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237879"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}