US government warns of severe CopyFail bug affecting major versions of Linux
A critical security vulnerability known as CopyFail, affecting nearly all versions of Linux since 2017, is being actively exploited in the wild. The flaw, tracked as CVE-2026-31431, allows users with limited privileges to gain full administrative control of affected systems, posing significant risks to enterprise and datacenter environments. The U.S. government has ordered federal agencies to patch affected systems by May 15 due to the severity of the threat.
- The CopyFail vulnerability, CVE-2026-31431, affects Linux kernel versions 7.0 and earlier and allows attackers to gain root access.
- Security firm Theori discovered the bug, which impacts major Linux distributions including Red Hat, Ubuntu, Amazon Linux, and SUSE.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered civilian federal agencies to patch systems by May 15.
- Exploitation requires initial access but can be combined with internet-based vulnerabilities to enable remote attacks.
- CopyFail works by failing to copy critical data in the kernel, corrupting sensitive information and enabling privilege escalation.
Opening excerpt (first ~120 words)
A severe security vulnerability affecting almost every version of the Linux operating system has caught defenders off-guard and scrambling to patch after security researchers publicly released exploit code that allows attackers to take complete control of vulnerable systems. The U.S. government says the bug, dubbed “CopyFail,” is now being exploited in the wild, meaning it’s being actively used in malicious hacking campaigns. The bug, officially tracked as CVE-2026-31431 and discovered in Linux kernel versions 7.0 and earlier, was disclosed to the Linux kernel security team in late March, and patched after about a week.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.