The most dangerous Linux threat in years grips the world



Publicly released exploit code for an unpatched vulnerability that affects almost all Linux releases has set off alarm bells, as security teams rush to prevent mass intrusions inside data centers and on end-user devices.

Exploit code for the vulnerability was released on Wednesday evening by researchers from the security firm Theori, five weeks after it was reported to the Linux kernel security team. That team fixed the flaw in kernel versions 7.0, 6.19.12, 6.18.126.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, but few Linux distributions had shipped those fixes by the time the exploit was released.

One script messes with all distros

The flaw, tracked as CVE-2026-31431 and named CopyFail, is a local privilege escalation, a class of vulnerability that allows unprivileged users to elevate themselves to administrators. CopyFail is particularly dangerous because a single exploit, released on Wednesday, works against all of the vulnerable distributions without modification. With it, an attacker can, among other things, compromise multi-tenant systems, break out of containers running under Kubernetes or other orchestration systems, and inject malicious code into CI/CD pipelines.

“‘Local privilege escalation’ sounds dry, so let me strip it down,” researcher Jorijn Schrijvershof wrote on Thursday. “It means: an attacker who already has access to the system, even a user with the most boring privileges, can upgrade themselves. From there they can read any file, install backdoors, inspect any process, and change other systems.”

Schrijvershof added that the same Python script Theori released works reliably for Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12. The researcher continued:



