A new zero-day vulnerability, known as ‘Copy Fail,’ has been discovered in the Linux kernel, dating back to 2017. This high-security flaw was uncovered by Taeyang Lee, a vulnerability researcher at Theori, an offensive security firm. Lee employed Xint Code, a source code analysis tool from Theori’s AI-driven penetration testing platform, Xint.io, to identify the issue.
On March 23, Lee reported the vulnerability to the Linux kernel security team, who began patch development shortly thereafter. By April 22, the team assigned a unique CVE identifier, CVE-2026-31431, to the flaw, and Xint.io disclosed the vulnerability publicly a week later.
Copy Fail is classified as a logic bug in the Linux kernel’s authentication cryptographic template. It allows an unprivileged local user to perform a deterministic, controlled four-byte write into the page cache of any readable file on the system. If exploited, this vulnerability could enable an attacker to gain root access to the Linux kernel across all Linux distributions released since 2017.
Although exploitation does not require network access or pre-installed primitives, it does necessitate physical access to the target machine with an unprivileged local user account. The risk is significant for multi-user shared systems and container clusters like Kubernetes and Docker, as a regular user could potentially access other users’ data. The vulnerability has been rated with a high severity score (CVSS) of 7.8.
To assist in defense efforts, Theori has released a proof-of-concept exploit that allows organizations to verify their systems and assess vendor patches. The patch for the vulnerability is now available, rolling back an optimization related to Authenticated Encryption with Associated Data (AEAD) that was introduced in 2017. Users are advised to update their distribution’s kernel package to incorporate commit a664bf3d603d from the main branch. Major Linux distributions, including Debian, Ubuntu, SUSE, and Red Hat, have already implemented this fix.
For more information on the vulnerability and the necessary updates, you can visit Copy Fail or refer to Xint.io’s disclosure.
ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.
