VulnHub

A newly disclosed Linux vulnerability, dubbed 'copy.fail', poses a serious risk across multiple distributions, including Ubuntu, RHEL, Debian, SUSE, Amazon Linux, and Fedora. Revealed by Theori on April 29, 2026, this local privilege escalation flaw allows attackers to manipulate the Linux kernel's crypto API to write unauthorized data into the page cache of files they do not own. Importantly, the exploit does not modify files on disk, making it difficult for traditional monitoring tools like AIDE and Tripwire to detect. This vulnerability is concerning because it affects a wide range of systems without requiring any specific modifications for different distributions. Organizations using these Linux variants should prioritize assessing their security posture and applying necessary mitigations to protect against potential exploitation.