Copy Fail — 732 Bytes to Root
copy.fail
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
  • Eager Eagle@lemmy.worldEnglish
    26·
    25 days ago

    wtf

    An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.

    If your kernel was built between 2017 and the patch — which covers essentially every mainstream Linux distribution — you’re in scope.

    how does that only get a CVE score of 7.8, the impact of this is huge

      • nyan@sh.itjust.works
        16·
        25 days ago

        Exactly. It’s Yet Another Privilege Escalation Vulnerability. Unless you’re dealing with a multiuser machine, the attacker first needs to use some other vuln to get into an unprivileged account. Without that additional vulnerability, this exploit is useless.

        • solrize@lemmy.ml
          13·
          25 days ago

          some other vuln

          You mean like inveigling it into a pypi or npm or whatever package? Checks out.

        • sakuraba@lemmy.ml
          5·
          25 days ago

          hey these exploits keep the lights on for some tech youtubers, stop making fun of it!! it is very dangerous!!!

          (video titled: LINUX HAS BEEN HACKED, AGAIN?!)