"'Local privilege escalation' sounds dry, so let me unpack it. It means: An attacker who already has some way to run code on the machine, even as the most boring unprivileged user, can promote themselves to root. From there they can read every file, install backdoors, watch every process, and pivot to other systems."
"The same Python script Theori released works reliably for Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12."
"CopyFail is particularly severe because it can be exploited with a single piece of exploit code that works across all vulnerable distributions with no modification."
A newly disclosed vulnerability, CVE-2026-31431, known as CopyFail, allows local privilege escalation on various Linux distributions. Researchers from Theori released exploit code that works across multiple versions without modification. Although the Linux kernel security team issued patches for several versions, many distributions had not yet implemented these fixes. The exploit enables attackers to gain root access, compromising systems, reading files, and installing backdoors. The exploit's simplicity and effectiveness raise significant concerns for shared infrastructure and security in data centers and personal devices.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]