Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
A critical Linux vulnerability named CopyFail, tracked as CVE-2026-31431, allows attackers with local access to gain root privileges on affected systems. The exploit is highly reliable and works across nearly all Linux distributions without modification, increasing its potential impact. Although patches have been released, many systems remain vulnerable due to slow adoption of updates.
- ▪The CopyFail exploit enables local privilege escalation to root on unpatched Linux systems.
- ▪The same Python script works across multiple Linux distributions including Ubuntu, Amazon Linux, SUSE, and Debian without changes.
- ▪CopyFail exploits a logic flaw in the kernel’s crypto API related to the AAD ESN bytes handling in the AEAD template process.
- ▪The vulnerability allows attackers to break out of containers, compromise multi-tenant systems, and pivot to other machines after initial access.
- ▪Patches were applied to specific kernel versions, but many Linux distributions had not yet incorporated them when the exploit was publicly released.
Opening excerpt (first ~120 words) tap to expand
Dan Goodin, Ars TechnicaSecurityMay 1, 2026 4:30 PMDangerous New Linux Exploit Gives Attackers Root Access to Countless ComputersThe exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.Photo-Illustration: WIRED Staff; Getty ImagesCommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyPublicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices.The vulnerability and exploit code that exploits it were released Wednesday evening by researchers…
Excerpt limited to ~120 words for fair-use compliance. The full article is at WIRED.
Discussion
0 commentsMore from WIRED
.jpg&w=800)
