VulnHub

Real-time Cybersecurity News

Copy Fail: New Linux bug enables Root via page‑cache corruption

Security Affairs
LinuxCVEVulnerabilityPrivilege Escalation

Overview

A newly discovered vulnerability in Linux, tracked as CVE-2026-31431 and named 'Copy Fail', could allow local, unprivileged users to escalate their privileges to root. This flaw lets attackers write four controlled bytes into page cache files, which is a significant security risk for many major Linux distributions. Researchers from Xint Code assigned a CVSS score of 7.8 to this vulnerability, indicating its seriousness. The issue affects various Linux systems, potentially putting numerous users at risk if they do not take action. Companies and users are urged to monitor their systems and apply necessary patches to mitigate this risk.

Key Takeaways

  • Affected Systems: Major Linux distributions including Ubuntu, Debian, Fedora, CentOS, and others that utilize the affected page cache mechanism.
  • Action Required: Users should apply security patches as soon as they are released by their respective Linux distribution maintainers.
  • Timeline: Newly disclosed

Original Article Summary

Linux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros. Xint Code researchers warn of a serious Linux flaw, tracked as CVE-2026-31431 (CVSS score of 7.8), dubbed Copy Fail. It lets any local, unprivileged user write four controlled bytes into the […]

Impact

Major Linux distributions including Ubuntu, Debian, Fedora, CentOS, and others that utilize the affected page cache mechanism.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should apply security patches as soon as they are released by their respective Linux distribution maintainers. It is advisable to monitor official channels for updates and to consider restricting local user access until a patch is applied.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, CVE, Vulnerability, and 1 more.

Read Original Article

Related Coverage

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

Infosecurity Magazine

A researcher from Theori, a security firm, has discovered a nine-year-old vulnerability in the Linux kernel using artificial intelligence tools. This flaw could potentially allow attackers to exploit systems running affected versions of the Linux kernel, putting many users and organizations at risk. The vulnerability's age raises concerns about how long it has gone unnoticed and the implications for systems that rely on Linux for their operations. As Linux is widely used across various platforms, including servers and embedded systems, this discovery highlights the need for ongoing vigilance in software security. Users and administrators are encouraged to review their systems and apply any available patches to mitigate the risk associated with this vulnerability.

May 1, 2026

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

Security Affairs

SonicWall has released urgent firmware updates to address three vulnerabilities found in its SonicOS software, which affects Gen 6, Gen 7, and Gen 8 firewalls. These flaws could potentially allow attackers to bypass security controls and gain unauthorized access to restricted services. Users of these firewall models are strongly advised to apply the patches immediately to protect their systems from possible exploitation. The vulnerabilities underscore the importance of keeping security software up to date, as failure to patch could leave networks open to attacks. Companies relying on these firewalls should prioritize this update to safeguard their network environments.

May 1, 2026

US ransomware negotiators get 4 years in prison over BlackCat attacks

BleepingComputer

Two former employees from cybersecurity firms Sygnia and DigitalMint were sentenced to four years in prison for their involvement in BlackCat (ALPHV) ransomware attacks against U.S. companies. These individuals exploited their insider knowledge to facilitate cyberattacks that resulted in significant financial losses for the targeted organizations. The BlackCat ransomware group has gained notoriety for its sophisticated attacks and has been responsible for numerous breaches in recent years. This case underscores the risks posed by insider threats in the cybersecurity landscape, as even trusted employees can engage in malicious activities. The sentences aim to deter similar behavior and reinforce the importance of vigilance within the cybersecurity community.

May 1, 2026

Open-source privacy proxy masks PII before prompts reach external AI services

Help Net Security

Dataiku has introduced Kiji Privacy Proxy, an open-source tool designed to protect sensitive customer information when interacting with external AI services. Many organizations send prompts containing personally identifiable information (PII) to large language models without proper sanitization, risking data exposure. Kiji acts as a local gateway, filtering out customer emails, support transcripts, and other identifying data before requests reach APIs like OpenAI and Anthropic. This tool is particularly relevant for enterprise developers who need to ensure customer privacy while still utilizing advanced AI capabilities. By integrating this proxy, companies can better safeguard user data and comply with privacy regulations.

May 1, 2026

Ukrainian police arrest 3 hackers for hijacking 610,000 Roblox accounts

SCM feed for Latest

Ukrainian police have arrested three individuals, including a 19-year-old, for allegedly hijacking approximately 610,000 accounts on the popular gaming platform Roblox. The suspects reportedly exploited stolen session cookies, allowing them to bypass traditional password protections and gain unauthorized access to user accounts. This incident underscores the risks associated with session management and the potential for significant breaches in online gaming communities. The large number of affected accounts highlights the need for users to be vigilant about their account security and for platforms like Roblox to strengthen their defenses against such attacks. The situation serves as a reminder of the ongoing challenges in protecting digital identities in an increasingly interconnected world.

Apr 30, 2026

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

CyberScoop

Ryan Goldberg and Kevin Martin, both former incident responders, have been sentenced to four years in prison for their involvement in a series of ransomware attacks against five companies in 2023. The duo extorted nearly $1.3 million from one of their victims, showcasing a troubling trend where individuals with cybersecurity expertise turn to criminal activities. This case raises concerns about trust within the cybersecurity community and highlights the ongoing risks of ransomware, which continues to threaten businesses across various sectors. The sentencing serves as a reminder that those who exploit their knowledge for malicious purposes will face serious consequences.

Apr 30, 2026