rabber@lemmy.ca to Linux@lemmy.mlEnglish · 1 month agoCopy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.copy.failexternal-linkmessage-square3linkfedilinkarrow-up1133arrow-down12cross-posted to: technology@lemmy.world
arrow-up1131arrow-down1external-linkCopy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.copy.failrabber@lemmy.ca to Linux@lemmy.mlEnglish · 1 month agomessage-square3linkfedilinkcross-posted to: technology@lemmy.world
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up18·edit-21 month agowtf An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root. If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you’re in scope. how does that only get a CVE score of 7.8, the impact of this is huge
minus-squareBitflip@lemmy.mllinkfedilinkarrow-up31·1 month agoProbably because the attack vector is having a user account on the target
wtf
how does that only get a CVE score of 7.8, the impact of this is huge
Probably because the attack vector is having a user account on the target