Overview
Description
Statistics
- 27 Posts
- 45 Interactions
Fediverse
#CopyFail **UPDATE 2025-05-05:** Red Hat has released the kernel updates for Red Hat Enterprise Linux 9 and 10. So if you followed the steps I described in this thread, you can now simply do
dnf update
on affected machines to get the new kernel and do a
grubby --update-kernel=ALL --remove-args='initcall_blacklist=algif_aead_init'
to remove the mitigation described in this post, before you finish the process with a
reboot
to switch to the fixed kernel.
Heise reports: The Linux vulnerability "Copy Fail" (CVE-2026-31431) is already being actively exploited; local root access. Admins should install available kernel updates/packages immediately. Details & PoC: https://www.heise.de/news/Linux-Luecke-Copy-Fail-wird-bereits-angegriffen-11279850.html 🔥🛡️🐧 #Linux #Security #CVE202631431
Edit/correction: According to @giggls, a container escape is not possible.
Critical #Kernel #vulnerability threatens numerous #Linux systems - #fosstopia
#IT #Security #researchers have disclosed a severe #vulnerability in the #Linux_Kernel (CVE-2026-31431). The flaw is named Copy Fail and allows local users to gain the highest system privileges (root). Attackers can write four bytes of their choosing into the page cache of arbitrary files and thereby take control of a system...
Security teams: "Copy Fail" (CVE-2026-31431) is now being exploited — a local→root Linux kernel LPE affecting many distros since 2017. Patches are available; update immediately. Details: https://www.heise.de/en/news/Linux-vulnerability-Copy-Fail-is-already-being-attacked-11279917.html 🚨🛡️ #Linux #infosec #CVE202631431
AlmaLinux 10.2 Beta is now live!
The release team of AlmaLinux, which is a free binary-compatible alternative to a commercial Linux distribution, Red Hat Enterprise Linux, has just released the beta version of the upcoming point release, which is AlmaLinux v10.2.
This beta version of AlmaLinux brings many improvements over the current version, which is version v10.1. The version is available for the following architectures listed:
- Intel/AMD (x86_64)
- Intel/AMD (x86_64_v2)
- Intel/AMD 32-bit (i686) (userspace only, no installation)
- ARM64 (aarch64)
- IBM PowerPC (ppc64le)
- IBM Z (s390x)
However, this beta version of AlmaLinux is not a production release, and is not guaranteed to be stable, especially when it comes to production installations. For users who rely on stability, you’ll have to wait until the official release. If you are curious about this beta version, and you intend to test and to report bugs and issues, you can download the beta version here.
AlmaLinux 10.2 brings i686 userspace packages to enable legacy 32-bit software, CI pipelines, and containerized workloads for users who rely on them in their workflow. It also presents you with updated toolsets and packages, such as the updated MariaDB 11.8, PHP 8.4, and Python 3.14. Security updates have also been provided, such as OpenSSL, Keylime, and SELinux policies, to enhance your computer’s security and to reduce attack vectors.
Also, a severe vulnerability that was left unnoticed since 2017, called Copy Fail (CVE-2026-31431) that exposed a flaw in authencesn, has been patched in this version of AlmaLinux, along with versions v10.x, v9.x, and v8.x.
You can learn more about this beta version here.
#AlmaLinux #AlmaLinux10 #AlmaLinux102 #Linux #news #Tech #Technology #update
Heads up: CVE-2026-31431 (Copy Fail) is a kernel crypto vulnerability affecting Rocky Linux. Our community is on it: tracking patches and sharing Rocky-specific guidance as it develops.
If you're running Rocky in production, check the forum thread for the latest:
https://forums.rockylinux.org/t/cve-2026-31431-copy-fail-linux-kernel-crypto-vulnerability/20375/8
#RockyLinux #LinuxSecurity #OpenSource
"CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack"
"CISA warns of the actively exploited “Copy Fail” Linux flaw (CVE-2026-31431), enabling root access, with a public exploit released before patches were ready."
60 Sekunden Cyber, calendar week 18 2026, 27 April - 3 May:
Data belonging to Vimeo customers and users is posted on the dark net by the ShinyHunters group, security researchers find Copy Fail, a vulnerability that has existed since 2017 (!) (CVE-2026-31431) and can be used to gain root access on all of the better-known Linux distributions, the NGO noyb is suing the Hamburg
https://www.60-sekunden-cyber.de/kw18-2026/
#cyber #cybersicherheit #itsicherheit #itsecurity #infosec #threatint #threatintel #news #update
copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
"CopyFail" (CVE-2026-31431): an unprivileged local user can write 4 controlled bytes into the cache of ANY readable file ➡️ root privilege escalation. If you have multi-tenant setups, containers, or untrusted CI runners: update. Personal computer? Less urgent, but update anyway.
The article: https://xint.io/blog/copy-fail-linux-distributions (en)
The site: https://copy.fail/ (en)
#linux #cybersecurity
https://security-tracker.debian.org/tracker/CVE-2026-31431
« In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. »
Bluesky
Overview
Description
Statistics
- 14 Posts
- 7 Interactions
Fediverse
Flaw in cPanel and WHM puts administrative accounts on hosting servers at risk
@informatica
The publication of a PoC for CVE-2026-41940 exposes cPanel & WHM and WP Squared to concrete takeover risks. The authentication bypass can compromise hosting servers and WordPress sites. Technical analysis, impacts and countermeasures for
cPanel zero-day active:
40K+ servers hit
CVE-2026-41940
→ auth bypass
→ admin access
Patch immediately.
Source: https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/
Follow @technadu
🚨 In this week’s newsletter, we cover CVE-2026-41940, a cPanel & WHM authentication bypass that puts entire hosting environments at risk. We break down how it enables admin access and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-41940-cpanel-whm-authentication-bypass-exploitation
📰 cPanel Zero-Day Auth Bypass (CVE-2026-41940) Actively Exploited for Months Before Patch
🚨 CRITICAL ZERO-DAY 🚨 cPanel & WHM auth bypass (CVE-2026-41940, CVSS 9.8) exploited for months before patch! Unauthenticated attackers can get root access. 1.5M instances exposed. Patch NOW! #cPanel #ZeroDay #CVE #WebHosting
Bluesky
Overview
Description
Statistics
- 4 Posts
- 4 Interactions
Fediverse
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
#CyberSecurity
https://securebulletin.com/freebsd-dhcp-client-flaw-cve-2026-42511-allows-root-code-execution-via-rogue-dhcp-server/
Not sure if it was a good idea to look this closely: CVE-2026-42511 (#freebsd #dhclient) looks awfully similar to CVE-2011-0997 (isc-dhcp).
Bluesky
Overview
- Weaver Network Co., Ltd.
- E-cology
Description
Statistics
- 2 Posts
- 5 Interactions
Bluesky
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
Overview
- GeoVision Inc.
- GV-VMS V20.0.2
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-42369 (CRITICAL, CVSS 10): GeoVision GV-VMS V20.0.2 stack overflow in gvapi endpoint lets unauthenticated remote attackers execute code as SYSTEM. Restrict remote access, monitor for patches. https://radar.offseq.com/threat/cve-2026-42369-cwe-787-out-of-bounds-write-in-geov-0757b787 #OffSeq #CVE202642369 #infosec #zeroday
Overview
- Progress Software
- MOVEit Automation
Description
Statistics
- 3 Posts
Bluesky
Overview
- Apache Software Foundation
- Apache HTTP Server
Description
Statistics
- 3 Posts
- 11 Interactions
Fediverse
Several vulnerabilities in #Apache HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:
- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset
- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack
https://httpd.apache.org/security/vulnerabilities_24.html
#CVE_2026_23918 #CVE_2026_24072 #CVE_2026_33006 #infosec #cybersecurity
Bluesky
Overview
- argoproj
- Argo CD
Description
Statistics
- 1 Post
- 2 Interactions
Overview
Description
Statistics
- 2 Posts
- 2 Interactions