Abstract created by Sensible Solutions AI
In abstract:
- PCWorld experiences {that a} important Linux vulnerability referred to as ‘Copy Fail’ (CVE-2026-31431) permits unprivileged customers to hijack system privileges by altering cached information.
- This straight-line logic flaw impacts all main Linux distributions and represents probably the most extreme Linux menace since 2022’s Soiled Pipe vulnerability.
- Patches can be found in Linux kernel variations 7.0 and 6.19.12, making rapid system updates important for safety.
Safety researchers are warning of a brand new “logic flaw” in Linux referred to as Copy Fail (CVE-2026-31431), a important vulnerability that poses a menace to all customers working a Linux-based working system.
Xint Code found the flaw in Linux’s authencesn cryptographic template, which “lets an unprivileged native consumer set off a deterministic, managed 4-byte write into the web page cache of any readable file on the system.” In different phrases, anybody can doubtlessly change the cached copy of any file in reminiscence with out truly altering the actual file.
This flaw could be abused to deprave the cached model of a privileged course of, tricking the system into granting increased privileges to the consumer—even full entry to administrative processes. Utilizing Copy Fail, a hacker might entry delicate data and set up backdoors.
Based on Ars Technica, that is probably the most critical vulnerability in Linux since 2022, when Soiled Pipe was within the information. What makes Copy Fail extra of a menace than previous privilege escalation vulnerabilities is that it’s a “straight-line logic flaw”—no have to win a race situation as with Soiled Cow, no have to carry out exact pipe buffer manipulation.
It’s additionally transportable, that means the identical precise demo Python script can be utilized to interrupt all main Linux distributions. No have to recompile for various platforms and even run model checks. Learn extra within the complete clarification posted on Xint’s weblog.
Fortuitously, the Copy Fail vulnerability has been patched in Linux kernel variations 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. In case your PC is working on a Linux working system, you must replace your kernel as quickly as doable.
This text initially appeared on our sister publication PC för Alla and was translated and localized from Swedish.
