Critical ‘Copy Fail’ Vulnerability Exploited on Linux Systems
CISA Warns of Critical Linux Vulnerability Exploited in the Wild
A critical Linux security vulnerability, tracked as CVE-2026-31431, has been identified in the Linux kernel’s algif_aead cryptographic algorithm interface. This flaw allows unprivileged local users to gain root privileges on unpatched Linux systems by writing four controlled bytes to the page cache of any readable file.
Wide Range of Affected Distributions
The issue has been confirmed to affect a wide range of Linux distributions, including several popular ones:
- Ubuntu 24.04 LTS
- Amazon Linux 2023
- Red Hat Enterprise Linux 10.1
- SUSE 16
Researchers at Theori discovered the vulnerability and provided a proof-of-concept (PoC) exploit, describing it as “100% reliable” and capable of gaining root access on multiple Linux distributions.
Following the disclosure, major Linux distributors quickly pushed out kernel updates to address the vulnerability. However, the US Cybersecurity and Infrastructure Security Agency (CISA) has taken a more urgent stance, adding the Copy Fail security flaw to its Known Exploited Vulnerabilities (KEV) Catalog.
CISA Urges Immediate Action
CISA has added the Copy Fail security flaw to its KEV Catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to patch their Linux endpoints and servers within two weeks, by May 15, as mandated by Binding Operational Directive (BOD) 22-01.
CISA warns that this type of vulnerability is a common attack vector for malicious actors and poses significant risks to the federal enterprise. The agency urges all security teams to prioritize CVE-2026-31431 patches and apply mitigations per vendor instructions or discontinue use of the affected products if mitigations are unavailable.
Take Proactive Measures
While BOD 22-01 applies specifically to US government agencies, CISA encourages all organizations to take proactive measures to secure their networks. Linux administrators should review their systems and apply the necessary patches to prevent exploitation of this critical vulnerability.
