US government warns of severe CopyFail bug in Linux systems
Original: US government warns of severe CopyFail bug affecting major versions of Linux
Why This Matters
Critical infrastructure vulnerability threatens enterprise Linux systems worldwide
The US government reports that CopyFail (CVE-2026-31431), a severe Linux kernel vulnerability affecting versions 7.0 and earlier, is being actively exploited. The bug allows attackers to gain root access on systems running major Linux distributions including Ubuntu, Red Hat, and Amazon Linux.
Security researchers at Theori discovered CopyFail, a critical vulnerability in the Linux kernel that affects almost every Linux distribution shipped since 2017. The bug was disclosed to the Linux kernel security team in late March and patched within a week, but patches have not yet fully propagated to downstream distributions. The vulnerability allows regular users to escalate privileges to full administrator access by corrupting sensitive kernel data. Verified affected systems include Red Hat Enterprise Linux 10.1, Ubuntu 24.04 LTS, Amazon Linux 2023, SUSE 16, Debian, Fedora, and Kubernetes. While the exploit requires local access, it can be chained with internet-deliverable vulnerabilities to enable remote root compromise of enterprise servers and data centers.