Critical Linux vulnerability CopyFail grants root access across distributions
Original: The most severe Linux threat to surface in years catches the world flat-footed
Why This Matters
Universal exploit threatens critical infrastructure and cloud computing security
Security researchers released exploit code for CVE-2026-31431, a Linux kernel vulnerability that allows unprivileged users to gain root access. The flaw affects virtually all Linux distributions, with a single script working across Ubuntu, Amazon Linux, SUSE, and Debian systems.
Security firm Theori disclosed CopyFail, a critical local privilege escalation vulnerability in the Linux kernel's crypto API, after five weeks of private disclosure. The flaw allows attackers with basic system access to instantly gain root privileges using a single Python script that works reliably across multiple distributions including Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12. The vulnerability poses severe risks to multi-tenant servers, Kubernetes containers, CI/CD workflows, and shared hosting environments. While kernel patches were released for versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, most Linux distributions had not incorporated the fixes when the exploit was publicly released Wednesday evening.
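For triage, the fixed releases listed above can be checked against a fleet's kernel release strings. The following is an added example, not code from Theori or the kernel project; the function names and the sample inventory are constructed, and it assumes that any release at or above the listed patch level on the same stable branch (or at or above 7.0) carries the fix.

```python
import re

# Fixed upstream releases as listed in the article: (major, minor) -> patch level.
FIXED = {(6, 19): 12, (6, 18): 12, (6, 12): 85, (6, 6): 137,
         (6, 1): 170, (5, 15): 204, (5, 10): 254}
MAINLINE_FIX = (7, 0)  # article lists 7.0; later mainline is assumed to include it

# Leading "major.minor[.patch]" of a `uname -r` style string.
_REL = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def classify(release):
    """Classify one kernel release string against the article's fixed versions."""
    m = _REL.match(release.strip())
    if not m:
        return "unparsed"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    if (major, minor) >= MAINLINE_FIX:
        return "fixed-upstream"
    fix = FIXED.get((major, minor))
    if fix is None:
        # The article names no fixed release for this branch.
        return "branch-not-listed"
    return "fixed-upstream" if patch >= fix else "below-fix"


def triage(inventory):
    """Map host -> status for a {host: release} inventory."""
    return {host: classify(rel) for host, rel in inventory.items()}


# Constructed sample inventory (hostnames and release strings are made up).
SAMPLE = {
    "build-01": "6.12.85",
    "web-02": "6.1.158-1.example.x86_64",
    "db-03": "5.15.0-101-generic",
    "edge-04": "6.8.0-45-generic",
    "lab-05": "7.0.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:28} {status}")
```

Distribution kernels that backport fixes without changing the upstream version number will report `below-fix` even when patched, so confirm those hosts against the vendor's advisory.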