"Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation, according to CISA's advisory."
"Copy Fail is the result of a logic bug in the Linux kernel's authentication cryptographic template that allows an attacker to reliably trigger privilege escalation trivially by means of a 732-byte Python-based exploit."
"Because the page cache represents the in-memory version of executables, modifying it effectively alters binaries at execution time without touching disk, enabling attackers to inject code into privileged binaries."
CISA added a significant Linux vulnerability, CVE-2026-31431, to its KEV catalog due to active exploitation. This local privilege escalation flaw allows unprivileged users to obtain root access. The vulnerability, known as Copy Fail, stems from a logic bug in the Linux kernel's authentication cryptographic template. It affects Linux distributions since 2017 and can be exploited using a 732-byte Python script. Fixes are available in recent kernel versions. The flaw's impact is heightened by the widespread use of Linux in cloud environments.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]