Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.

rabber@lemmy.ca · 1 month ago

Eager Eagle@lemmy.world · edit-2 1 month ago

wtf

An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.

If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you’re in scope.

how does that only get a CVE score of 7.8, the impact of this is huge

Bitflip@lemmy.ml · 1 month ago

Probably because the attack vector is having a user account on the target

Sims@lemmy.ml · 1 month ago

Hm, I could use that on a few Android devices…