{"id":238456,"date":"2026-05-03T02:26:00","date_gmt":"2026-05-03T06:26:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/cisa-adds-actively-exploited-linux-root-access-bug-cve-2026-31431-to-kev\/"},"modified":"2026-05-03T05:05:08","modified_gmt":"2026-05-03T09:05:08","slug":"cisa-adds-actively-exploited-linux-root-access-bug-cve-2026-31431-to-kev","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/cisa-adds-actively-exploited-linux-root-access-bug-cve-2026-31431-to-kev\/","title":{"rendered":"CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/cisa-adds-actively-exploited-linux-root.html\">CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/cisa-adds-actively-exploited-linux-root.html\">https:\/\/thehackernews.com\/2026\/05\/cisa-adds-actively-exploited-linux-root.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-03 02:26:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 03, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Container Security<\/span><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.<\/p>\n<p>The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The nine-year-old flaw is also tracked as <strong>Copy Fail<\/strong> by Theori and Xint. Fixes have been made available in Linux kernel versions 6.18.22, 6.19.12, and 7.0.<\/p>\n<p>&#8220;Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation,&#8221; CISA said in an advisory.<\/p>\n<p>In a write-up published earlier this week, the researchers said Copy Fail is the result of a logic bug in the Linux kernel&#8217;s authentication cryptographic template that allows an attacker to reliably trigger privilege escalation trivially by means of a 732-byte Python-based exploit. It was introduced through three separate, individually harmless changes to the Linux kernel made in 2011, 2015, and 2017.<\/p>\n<p>The high-severity security vulnerability impacts Linux distributions shipped since 2017, and permits an unprivileged local user to obtain root-level access by corrupting the kernel&#8217;s in-memory page cache of any readable file, including setuid binaries. This corruption could be carried out by unprivileged users and could result in code execution with root permissions.<\/p>\n<p>&#8220;Because the page cache represents the in-memory version of executables, modifying it effectively alters binaries at execution time without touching disk,&#8221; Google-owned Wiz said. &#8220;This enables attackers to inject code into privileged binaries (e.g., \/usr\/bin\/su) and thereby gain root privileges.&#8221;<\/p>\n<p>The prevalence of Linux in cloud environments means the vulnerability has a significant impact. Kaspersky,&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/cisa-adds-actively-exploited-linux-root.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV https:\/\/thehackernews.com\/2026\/05\/cisa-adds-actively-exploited-linux-root.html Publish Date: 2026-05-03&#8230;<\/p>\n","protected":false},"author":1,"featured_media":238457,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEibNApjovicg4aFV0VPiue9cUMmH_D-GkLlWwgXunP_-fUi8cRWaNM6Kl2TV99eBRKKVdXNq-0iQ2EJLotLO_TAvIA3xW-mE-tS5BDHSKrUmTgGuGEbAp4ek6uFJk4yRTsgJu6LStR3BqJkIm4fyXgZiBKxNGI0YBLiiAneTRvem-Ydh3gbIVsz8O0VBUQy\/s1600\/linux-root.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-238456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238456"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=238456"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238456\/revisions"}],"predecessor-version":[{"id":238458,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238456\/revisions\/238458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/238457"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=238456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=238456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=238456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}