Overview
Description
Statistics
- 27 Posts
- 28 Interactions
Fediverse
Heise reports: The Linux vulnerability "Copy Fail" (CVE-2026-31431) is already being actively exploited: local root access. Admins should install available kernel updates/packages immediately. Details & PoC: https://www.heise.de/news/Linux-Luecke-Copy-Fail-wird-bereits-angegriffen-11279850.html 🔥🛡️🐧 #Linux #Security #CVE202631431
Edit/correction: According to @giggls, a container escape is not possible.
Critical #Kernel #vulnerability threatens numerous #Linux systems - #fosstopia
#IT #Security #researchers have disclosed a severe #vulnerability in the #Linux_Kernel (CVE-2026-31431). The flaw is named Copy Fail and allows local users to gain the highest system privileges (root). Attackers can write four bytes in a targeted manner into the page cache of arbitrary files and thereby take control of a system...
Security teams: "Copy Fail" (CVE-2026-31431) is now being exploited — a local→root Linux kernel LPE affecting many distros since 2017. Patches are available; update immediately. Details: https://www.heise.de/en/news/Linux-vulnerability-Copy-Fail-is-already-being-attacked-11279917.html 🚨🛡️ #Linux #infosec #CVE202631431
Heads up: CVE-2026-31431 (Copy Fail) is a kernel crypto vulnerability affecting Rocky Linux. Our community is on it: tracking patches and sharing Rocky-specific guidance as it develops.
If you're running Rocky in production, check the forum thread for the latest:
https://forums.rockylinux.org/t/cve-2026-31431-copy-fail-linux-kernel-crypto-vulnerability/20375/8
#RockyLinux #LinuxSecurity #OpenSource
Copy.fail: a small Linux kernel bug with an unusually big blast radius https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
"CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack"
"CISA warns of the actively exploited “Copy Fail” Linux flaw (CVE-2026-31431), enabling root access, with a public exploit released before patches were ready."
CVE-2026-31431, also known as CopyFail, is a Local Privilege Escalation (LPE) vulnerability in which an attacker can escalate an already compromised and authenticated standard user to root privileges, which are the highest privileges on the host. This vulnerability affects most popular Linux distributions, as well as many virtualized and hardware environments where Linux is present.
The vulnerability is present in the algif_aead module of the Linux kernel, which is responsible for hardware-accelerated cryptography. Canonical, the company behind Ubuntu, pushed out an update that disables the algif_aead module to mitigate the CopyFail vulnerability; however, Canonical notes that this mitigation will not be necessary once the kernel is updated.
Disabling the affected module should make applications fall back from hardware-accelerated cryptography to userspace cryptographic functions. However, because of the complexity and variation of configurations across many environments, it is recommended to test this mitigation in staging first, as some applications may not include or support userspace cryptographic functions. A reboot is also recommended to complete the mitigation, as some applications may require a reboot to trigger the fallback.
To protect systems running Ubuntu and Ubuntu-based distributions against this vulnerability, follow the steps below:
Open a terminal and type:
1. apt changelog kmod
This checks the changelog for the version of the kmod tool currently installed on your system and shows a list of changes, which will confirm whether the CopyFail vulnerability was mitigated. Check the top entry to confirm the mitigation, as shown in the attached screenshot. If the top entry mentions "* Disable loading of algif_aead module to mitigate CVE-2026-31431", you already have the update installed that mitigates the CopyFail vulnerability, but if there is no mention of the CVE, continue with the steps below.
2. sudo apt-get update
This will update your package index files so you can install newly released updates.
3. sudo apt-get install --only-upgrade kmod
This command will upgrade only kmod, a tool used to configure kernel modules on Ubuntu; the new release contains the mitigation for your current kernel.
4. sudo reboot
This will reboot the operating system.
5. apt changelog kmod
Repeat the command from the first step to confirm whether the mitigation is in place. The top entry should now say "* Disable loading of algif_aead module to mitigate CVE-2026-31431".
#Ubuntu #Canonical #CopyFail #Linux #CVE #Mitigation #Cyber #CyberSecurity
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel's page cache, posing a significant risk to cloud and containerized environments.
https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
I don't know if this helps, but I don't see your kernel listed here: https://debiansupport.com/blog/copy-fail-cve-2026-31431-mitigation/
Edit to add that I also have not seen any differentiation between arm and x86_64 vulnerabilities (in general, not just pi-related).
@clock whilst I was doom-scrolling, this popped up from a few hours ago. I kinda think you're ok since you're on 6.x.
https://explains.social/@veronica/statuses/01KQQZ6X8QEKPBZQYXCA86XW0Y
also:
https://security-tracker.debian.org/tracker/CVE-2026-31431
60 Sekunden Cyber, calendar week 18 of 2026, April 27 - May 3:
Data of Vimeo customers and users is posted on the dark net by the group ShinyHunters, security researchers find with Copy Fail a vulnerability (CVE-2026-31431) that has existed since 2017 (!) and can be used to gain root access on all of the better-known Linux distributions, the NGO noyb is suing the Hamburg
https://www.60-sekunden-cyber.de/kw18-2026/
#cyber #cybersicherheit #itsicherheit #itsecurity #infosec #threatint #threatintel #news #update
copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
"CopyFail" (CVE-2026-31431): an unprivileged local user can write 4 controlled bytes into the cache of ANY readable file ➡️ root escalation. If you have multi-tenant setups, containers, or untrusted CI runners: update. Personal computer? Less urgent, but update anyway.
The article: https://xint.io/blog/copy-fail-linux-distributions (en)
The site: https://copy.fail/ (en)
#linux #cybersecurity
https://security-tracker.debian.org/tracker/CVE-2026-31431
« In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. »
Bluesky
Overview
Description
Statistics
- 14 Posts
- 4 Interactions
Fediverse
cPanel zero-day active:
40K+ servers hit
CVE-2026-41940
→ auth bypass
→ admin access
Patch immediately.
Source: https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/
Follow @technadu
🚨 In this week’s newsletter, we cover CVE-2026-41940, a cPanel & WHM authentication bypass that puts entire hosting environments at risk. We break down how it enables admin access and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-41940-cpanel-whm-authentication-bypass-exploitation
📰 cPanel Zero-Day Auth Bypass (CVE-2026-41940) Actively Exploited for Months Before Patch
🚨 CRITICAL ZERO-DAY 🚨 cPanel & WHM auth bypass (CVE-2026-41940, CVSS 9.8) exploited for months before patch! Unauthenticated attackers can get root access. 1.5M instances exposed. Patch NOW! #cPanel #ZeroDay #CVE #WebHosting
Bluesky
Overview
Description
Statistics
- 3 Posts
- 4 Interactions
Fediverse
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
#CyberSecurity
https://securebulletin.com/freebsd-dhcp-client-flaw-cve-2026-42511-allows-root-code-execution-via-rogue-dhcp-server/
Bluesky
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
Overview
- GeoVision Inc.
- GV-VMS V20.0.2
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-42369 (CRITICAL, CVSS 10): GeoVision GV-VMS V20.0.2 stack overflow in gvapi endpoint lets unauthenticated remote attackers execute code as SYSTEM. Restrict remote access, monitor for patches. https://radar.offseq.com/threat/cve-2026-42369-cwe-787-out-of-bounds-write-in-geov-0757b787 #OffSeq #CVE202642369 #infosec #zeroday
Overview
- Progress Software
- MOVEit Automation
Description
Statistics
- 3 Posts
Bluesky
Overview
- argoproj
- Argo CD
Description
Statistics
- 1 Post
- 2 Interactions
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Overview
- GeoVision Inc.
- GV-LPC2011/LPC2211
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🌐 CVE-2026-42368 | CRITICAL privilege escalation in GeoVision GV-LPC2011/LPC2211 v1.10. Remote attackers can gain full control via crafted HTTP requests. No patch — restrict web interface access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-42368-cwe-266-incorrect-privilege-assignm-b84e399c #OffSeq #Vuln #IoT #CyberSecurity
Overview
- @fastify/accepts-serializer
- @fastify/accepts-serializer
Description
Statistics
- 2 Posts