{"id":238881,"date":"2026-05-04T06:29:00","date_gmt":"2026-05-04T10:29:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/04\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-05-04T07:55:14","modified_gmt":"2026-05-04T11:55:14","slug":"u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/04\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191629\/hacking\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191629\/hacking\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/191629\/hacking\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-04 06:29:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>U.S. 
CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 04, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg?fit=700%2C368&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog<\/h2>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p>Recently, Xint Code researchers warned of a serious Linux flaw, tracked as\u00a0<strong>CVE-2026-31431<\/strong>, dubbed Copy Fail. It lets any local, unprivileged user write four controlled bytes into the page cache of any readable file, enabling escalation to root on major distributions.<\/p>\n<p>The bug combines AF_ALG and splice() to write 4 bytes into the page cache of any readable file. A 732-byte script can modify a setuid binary in memory, without changing the file on disk, making detection difficult. The issue affects major distributions like Ubuntu, RHEL, SUSE, and Amazon Linux, and can even cross container boundaries due to shared page cache.<\/p>\n<p>\u201cCopy Fail\u00a0(CVE-2026-31431) is a logic bug in the Linux kernel\u2019s\u00a0authencesn\u00a0cryptographic template. 
It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system.\u201d reads the\u00a0report\u00a0published by Xint Code.\u00a0\u201cA single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.\u201d<\/p>\n<p>Copy Fail exploits a kernel logic flaw where corrupted page\u2011cache data is never marked dirty, leaving disk files unchanged while the in\u2011memory version is silently altered. Because the page cache is what processes read, an unprivileged user can corrupt a setuid binary\u2019s cached page and gain root. The shared cache also lets the attack cross container boundaries. The bug, surfaced&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191629\/hacking\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog 
https:\/\/securityaffairs.com\/191629\/hacking\/u-s-cisa-adds-a-flaw-in-linux-kernel-to-its-known-exploited-vulnerabilities-catalog.html&#8230;<\/p>\n","protected":false},"author":1,"featured_media":238882,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-238881","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238881"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=238881"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238881\/revisions"}],"predecessor-version":[{"id":238883,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238881\/revisions\/238883"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/238882"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=238881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=238881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=238881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}