Linux cryptographic code flaw offers fast route to root
Theregister.com and 1 more
- A high-severity Linux local privilege escalation flaw, tracked as CVE-2026-31431 and nicknamed Copy Fail, enables unprivileged users to gain root access by abusing the kernel’s cryptographic subsystem.
- The attack leverages four controlled bytes written into a file's page cache to escalate privileges, a key detail echoed by researchers.
- The vulnerability stems from a logic flaw in the Linux kernel’s cryptographic subsystem, specifically within the algif_aead module, introduced in 2017.
- Exploitation can be portable across distributions, with a minimal Python script demonstrating how to write the exploit to the target's /usr/bin/su and gain root.
- Chaining the local flaw with other vectors (web RCE, malicious CI runner, or SSH compromise) could expand risk to external attackers.
- The bug can affect multi-tenant systems, shared-kernel containers, and CI runners that execute untrusted code due to shared page cache behavior.
- AI-powered flaw-finders aided the surge in bug reports, highlighting how automated scanning tools contributed to disclosure.
- Red Hat and other major distributions issued patches promptly after the vulnerability disclosure, aligning patching guidance across major distros.
- The vulnerability raises concerns for Kubernetes environments where page cache sharing could enable container escapes on nodes.
- The CVE carries a high severity rating of 7.8/10, underscoring the critical risk to Linux desktops, servers, and cloud deployments.
