From Newsgroup: comp.os.linux.advocacy
"Linux ‘Copy Fail’ flaw lets anyone hijack system privileges. Update
ASAP"
"Copy Fail is a critical Linux vulnerability that lets any local user
corrupt cached files and escalate to admin. Update your kernel now."
<https://www.pcworld.com/article/3131077/linux-copy-fail-flaw-lets-anyone-hijack-system-privileges-update-asap.html>
"Security researchers are warning of a new “logic flaw” in Linux called
Copy Fail (CVE-2026-31431), a critical vulnerability that poses a threat
to all users running a Linux-based operating system.

Xint Code discovered the flaw in Linux’s authencesn cryptographic
template, which “lets an unprivileged local user trigger a
deterministic, controlled 4-byte write into the page cache of any
readable file on the system.” In other words, anyone can potentially
change the cached copy of any file in memory without actually changing
the real file.

This flaw can be abused to corrupt the cached version of a privileged
process, tricking the system into granting higher privileges to the
user—even full access to administrative processes. Using Copy Fail, a
hacker could access sensitive information and install backdoors.

According to Ars Technica, this is the most serious vulnerability in
Linux since 2022, when Dirty Pipe was in the news. What makes Copy Fail
more of a threat than past privilege escalation vulnerabilities is that
it’s a “straight-line logic flaw”—no need to win a race condition as
with Dirty Cow, no need to perform precise pipe buffer manipulation.

It’s also portable, meaning the same exact demo Python script can be used
to break all major Linux distributions. No need to recompile for
different platforms or even run version checks. Read more in the
comprehensive explanation posted on Xint’s blog.

Fortunately, the Copy Fail vulnerability has been patched in Linux
kernel versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170,
5.15.204, and 5.10.254. If your PC is running on a Linux operating
system, you should update your kernel as soon as possible.

This article originally appeared on our sister publication PC för Alla
and was translated and localized from Swedish."
--- Synchronet 3.22a-Linux NewsLink 1.2
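
Added example, not part of the quoted article or the original post: a Python check that compares a `uname -r` style release string against the fixed versions listed in the article. The function names and status labels are assumptions made for this example; distribution kernels often backport fixes without changing the upstream version number, so a "needs-update" or "unlisted" result means the vendor's advisory decides.

```python
import platform
import re

# First fixed release per stable branch, copied from the article's list.
FIXED = {
    (7, 0): 0,
    (6, 19): 12,
    (6, 18): 12,
    (6, 12): 85,
    (6, 6): 137,
    (6, 1): 170,
    (5, 15): 204,
    (5, 10): 254,
}


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def copy_fail_status(release):
    """Classify a release as 'fixed', 'needs-update' or 'unlisted'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if re.search(r"-rc\d+", release):
        return "unlisted"   # pre-release: the list only names final releases
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "needs-update"
    if branch > (7, 0):
        return "fixed"      # assumption: later mainline carries the 7.0 fix
    return "unlisted"       # branch not in the article: check the vendor advisory


if __name__ == "__main__":
    rel = platform.release()
    print(f"{rel}: {copy_fail_status(rel)}")
```
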