"The vulnerability, registered as CVE-2026-31431 and discovered by security firm Theori, is present in all major Linux distributions released since 2017. Theori found the flaw using its AI-driven penetration testing platform, Xint Code, which scanned the kernel's crypto subsystem in about an hour."
"The root of the problem lies in the Linux kernel's 'authencesn' cryptographic template. By combining the AF_ALG socket interface with the splice() system call, an unprivileged user can write four controlled bytes to the page cache of any readable file, rather than to a normal buffer."
"The incident sparked frustration among developers and contributors to the Linux kernel and distributions. One user called it a 'disaster' and said it was 'extremely irresponsible' to demonstrate the vulnerability as a proof-of-concept before the patches were rolled out."
The 'Copy Fail' vulnerability, identified as CVE-2026-31431, affects all major Linux distributions since 2017, allowing attackers without admin rights to gain root access. Discovered by Theori using AI-driven testing, the flaw lies in the kernel's cryptographic template, enabling unprivileged users to manipulate four bytes in the page cache. Patches are available, and users can disable the algif_aead module as a temporary measure. The vulnerability's public disclosure before a fix has caused significant frustration within the Linux community.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]