"Copy Fail is unusually nasty because it is likely to go unnoticed by monitoring tools: 'Page-cache corruption never marks the page dirty. The kernel's writeback machinery never flushes the modified bytes back to disk.' As a result, 'AIDE, Tripwire, OSSEC and any monitoring tool that compares on-disk checksums see nothing.'"
"Theori's researchers identified Copy Fail with the help of their Xint Code AI tool. Taeyang Lee created a prompt to run an automated scan that identified several vulnerabilities in 'about an hour.'"
"A patch for Copy Fail was added to the mainline Linux kernel on April 1st. However, the details of the exploit were published before all affected distributions could release patches."
The Copy Fail security vulnerability affects nearly every Linux distribution released since 2017, enabling users to obtain administrator privileges. This exploit, identified as CVE-2026-31431, utilizes a Python script that operates across all vulnerable distributions without requiring specific adjustments. The exploit's stealthy nature makes it difficult for monitoring tools to detect, as page-cache corruption does not mark pages as dirty. A patch was added to the Linux kernel on April 1st, but many distributions have not yet released fixes.
Read at The Verge
Unable to calculate read time
Collection
[
|
...
]