Severe Linux Copy Fail security flaw uncovered using AI scanning help


Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called “Copy Fail” that allows any user to give themselves administrator privileges. The exploit, publicly disclosed as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring “no per-distro offsets, no version checks, no recompilation,” according to Theori, the security firm that uncovered it.

Ars Technica points out this blog post where DevOps engineer Jorijn Schrijvershof explains that what makes Copy Fail “unusually nasty” is the likelihood for it to go unnoticed by monitoring tools: “Page-cache corruption never marks the page dirty. The kernel’s writeback machinery never flushes the modified bytes back to disk.” As a result, “AIDE, Tripwire, OSSEC and any monitoring tool that compares on-disk checksums see nothing.”

Copy Fail was identified by Theori’s researchers with assistance from their Xint Code AI tool. According to a blog post, Taeyang Lee had an idea of looking into the crypto subsystem of Linux and created this prompt to run an automated scan that identified several vulnerabilities in “about an hour.”

“This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists.”

According to the exploit’s disclosure page, a patch for Copy Fail was added to the mainline Linux kernel on April 1st. However, as Ars Technica notes, the researchers who identified Copy Fail published the details of the exploit publicly before all of the affected distributions could release patches for it. Some distros, including Arch Linux, RedHat Fedora, and Amazon Linux, have released patches, but many others were not immediately able to address the issue.



Source link

  • Related Posts

    Nvidia’s Xinzhou Wu on EVs, vehicle autonomy, AI, and China

    Today, I’m talking with Xinzhou Wu, who is the head of automotive at Nvidia. Nvidia is obviously in the news constantly because of the AI boom — it’s one of…

    23 Best Gifts for Cooks (2026): Panasonic, Frying Pans, Air Fryers

    Every cook has seen these checkerboard-looking cutting boards and thirsted for them a little. They’re handsome, of course, but they’re also functional. Using the smaller end-grain wood pieces makes your…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Nvidia’s Xinzhou Wu on EVs, vehicle autonomy, AI, and China

    Nvidia’s Xinzhou Wu on EVs, vehicle autonomy, AI, and China

    'Digger' Trailer

    'Digger' Trailer

    Judge refers Trump's attorneys for potential disciplinary action over IRS lawsuit

    Judge refers Trump's attorneys for potential disciplinary action over IRS lawsuit

    What B.C. businesses need to know about insurance recovery claims after a property loss

    What B.C. businesses need to know about insurance recovery claims after a property loss

    Conservatives could learn from Carney’s prudent approach to policies

    23 Best Gifts for Cooks (2026): Panasonic, Frying Pans, Air Fryers

    23 Best Gifts for Cooks (2026): Panasonic, Frying Pans, Air Fryers