‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek.
A high-severity logic bug in the Linux kernel allows unprivileged attackers to write code to other files’ memory and obtain root shell, cybersecurity firm Theori reports.
Tracked as CVE-2026-31431 (CVSS score of 7.8) and dubbed Copy Fail, the issue is believed to affect all Linux distributions since 2017.
The security defect impacts the kernel’s authencesn Authenticated Encryption with Associated Data (AEAD) template, which IPsec uses for Extended Sequence Number (ESN) support.
Source: https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/
Related breach coverage
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros2026-04-30
An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. [...]
- Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months2026-04-30
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.
- Critical GitHub Vulnerability Exposed Millions of Repositories2026-04-29
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.
- Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access2026-04-27
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.