Critical Linux vulnerability CopyFail grants root access across distros

Original: The most severe Linux threat to surface in years catches the world flat-footed

Why This Matters

Local privilege escalation affects critical infrastructure including containers and cloud systems

Security researchers disclosed CVE-2026-31431, dubbed CopyFail, a Linux kernel vulnerability that allows unprivileged users to gain root access. A single exploit script works across all major distributions including Ubuntu, Amazon Linux, SUSE, and Debian.

The vulnerability stems from a logic flaw in the kernel's crypto API and affects virtually all Linux releases. Theori researchers released the exploit code Wednesday after privately disclosing it five weeks earlier to the Linux kernel security team. While patches exist for kernel versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, most distributions hadn't incorporated fixes when the exploit was published. The flaw poses severe risks to multi-tenant systems, Kubernetes containers, CI/CD workflows, and shared hosting environments. An attacker could exploit a WordPress vulnerability to gain shell access, then use CopyFail to escalate to root privileges and access other tenants' data.
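A check of a kernel release string against the fixed versions listed above, as an added example that is not from the article or from Theori. It assumes each listed version is the first fixed release on its stable branch and that any branch newer than 7.0 carries the fix; the names `FIXED`, `parse_release` and `assess` are hypothetical.

```python
import platform
import re

# First fixed patch level per stable branch, copied from the article's list.
# Assumption: each listed version is the first fixed release on that branch.
FIXED = {
    (7, 0): 0,
    (6, 19): 12,
    (6, 18): 12,
    (6, 12): 85,
    (6, 6): 137,
    (6, 1): 170,
    (5, 15): 204,
    (5, 10): 254,
}
NEWEST_LISTED_BRANCH = max(FIXED)


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(release):
    """Return 'fixed', 'below-fixed' or 'not-listed' for a release string."""
    if "-rc" in release:
        # Release candidates are not covered by the article's list.
        return "not-listed"
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch > NEWEST_LISTED_BRANCH:
        # Assumption: branches after 7.0 inherit the mainline fix.
        return "fixed"
    if branch not in FIXED:
        # The article names no fixed release for this branch.
        return "not-listed"
    return "fixed" if patch >= FIXED[branch] else "below-fixed"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {assess(running)}")
```

A `below-fixed` or `not-listed` result on a distribution kernel is a prompt to check the vendor advisory, since vendors can backport fixes without changing the upstream version number.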

Source

arstechnica.com