Overview
Description
Statistics
- 20 Posts
- 78 Interactions
Fediverse
A very good summary of the CopyFail flaw affecting the Linux kernel: history of the flaw, exploitation mechanism, erratic handling of the disclosure, mitigation - by Linuxtricks #Infosec #Linux https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/
#CopyFail **UPDATE 2025-05-05:** Red Hat has released the kernel updates for Red Hat Enterprise Linux 9 and 10. So if you followed the steps I described in this thread, you can now simply do
dnf update
on affected machines to get the new kernel and do a
grubby --update-kernel=ALL --remove-args='initcall_blacklist=algif_aead_init'
to remove the mitigation described in this post, before you finish the process with a
reboot
to switch to the fixed kernel.
NicFab Newsletter #19 is out.
This week:
→ EDPB marks 10 years of GDPR
→ AI Act trilogue stalls — high-risk rules still set for 2 August 2026
→ EU Age Verification App found vulnerable hours after launch
→ First European standard on trusted data transactions (EN 18235-1:2026)
→ CopyFail (CVE-2026-31431) added to CISA KEV
→ Minnesota first US state to ban nudification apps
https://www.nicfab.eu/en/newsletter-issues/2026-05-05-issue-19/
Red Hat product updates to copy fail available https://access.redhat.com/security/cve/cve-2026-31431
Oh hey, RHEL released patches for Copy Fail!
CVE-2026-31431 #CopyFail shows that #LLM-assisted #cybersecurity research is:
1. Already there and massively impactful without #mythos.
2. Digestible by current governance systems of responsible disclosure.
3. Way more realistic than agents discovering, deploying and scaling exploits autonomously.
Details: https://xint.io/blog/copy-fail-linux-distributions
🚨ATTENTION: a bug in #linux has been hiding in the system for 9 years; it is called Copy Fail, is associated with CVE-2026-31431, and affects a critical part of the #kernel related to algif_aead, the cryptographic interface used to move data between user space and the kernel.
In short, a Linux bug hidden for 9 years can allow an unprivileged user to escalate to root in seconds.
The video here explains what this vulnerability is about.👇 https://www.youtube.com/watch?v=R7_Jrm7zY-0
About CVE-31431 "Copy Fail":
I wrote something up on GitHub: https://github.com/darioomatos/cve-2026-31431-copyfail
AlmaLinux 10.2 Beta is now live!
The release team of AlmaLinux, which is a free binary-compatible alternative to a commercial Linux distribution, Red Hat Enterprise Linux, has just released the beta version of the upcoming point release, which is AlmaLinux v10.2.
This beta version of AlmaLinux brings many improvements over the current version, which is version v10.1. The version is available for the following architectures listed:
- Intel/AMD (x86_64)
- Intel/AMD (x86_64_v2)
- Intel/AMD 32-bit (i686) (userspace only, no installation)
- ARM64 (aarch64)
- IBM PowerPC (ppc64le)
- IBM Z (s390x)
However, this beta version of AlmaLinux is not a production release, and is not guaranteed to be stable, especially when it comes to production installations. For users who rely on stability, you’ll have to wait until the official release. If you are curious about this beta version, and you intend to test and to report bugs and issues, you can download the beta version here.
AlmaLinux 10.2 brings i686 userspace packages to enable legacy 32-bit software, CI pipelines, and containerized workloads for users who rely on them in their workflow. It also presents you with updated toolsets and packages, such as the updated MariaDB 11.8, PHP 8.4, and Python 3.14. Security updates have also been provided, such as OpenSSL, Keylime, and SELinux policies, to enhance your computer’s security and to reduce attack vectors.
Also, a severe vulnerability that was left unnoticed since 2017, called Copy Fail (CVE-2026-31431) that exposed a flaw in authencesn, has been patched in this version of AlmaLinux, along with versions v10.x, v9.x, and v8.x.
You can learn more about this beta version here.
#AlmaLinux #AlmaLinux10 #AlmaLinux102 #Linux #news #Tech #Technology #update
I just came across another article that was also published yesterday on #podman rootless containers and #copyfail. This one takes a closer look at the exploit itself and how the kernel handles the attempt to escalate privileges. It also draws a similar conclusion regarding the role of user namespaces in limiting exposure in rootless mode.
Great read! https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/
Presenting, for absolutely no reason at all, CVE-2026-31431 as a 587-byte x86_64 static ELF:
https://github.com/Rat5ak/CVE-2026-31431-CopyFail-static-ELF--POC
Bluesky
Overview
Description
Statistics
- 10 Posts
- 30 Interactions
Fediverse
Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
#CyberSecurity
https://securebulletin.com/critical-android-zero-click-vulnerability-cve-2026-0073-allows-remote-shell-access-without-user-interaction/
Update your Android now: this flaw lets your phone be attacked without you tapping anything 👇
https://www.adslzone.net/noticias/moviles/parche-seguridad-android-vulnerabilidad-cve-2026-0073/
#Ciberseguridad #Seguridad #Privacidad 🔏
OpenSSL's "0 means fail and 1 means success and oh yeah -1 also means fail" APIs have been causing bugs for decades.
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
Today we are disclosing CVE-2026-0073:
A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path.
Full technical write-up + exploit flow:
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
Barghest Research Group found a critical no-interaction remote RCE in Android's Wireless Debugging ADB functionality.
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/
The importance of security updates for the operating systems on mobile phones, which are really small computers ⚠️ 📱 👾
Update your Android now: this flaw lets your phone be attacked without you tapping anything
https://www.adslzone.net/noticias/moviles/parche-seguridad-android-vulnerabilidad-cve-2026-0073/
Bluesky
Overview
- Apache Software Foundation
- Apache HTTP Server
Description
Statistics
- 9 Posts
- 6 Interactions
Fediverse
Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
#CyberSecurity
https://securebulletin.com/critical-apache-http-server-2-4-67-patches-rce-flaw-cve-2026-23918-upgrade-all-servers-immediately/
#Apache HTTP Server Vulnerability CVE-2026-23918 Exposes Millions of Servers to Remote Code Execution Attacks.
Anyone running Apache httpd version 2.4.66 or earlier is strongly urged to upgrade immediately!
👇
https://gbhackers.com/apache-http-server-vulnerability-exposes-millions-rce/
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html
Read on HackerWorkspace: https://hackerworkspace.com/article/critical-apache-http-2-flaw-cve-2026-23918-enables-dos-and-potential-rce
Summary of all Apache vulnerabilities: https://www.hackerworkspace.com/article/apache-http-server-2-4-vulnerabilities-the-apache-http-server-project
These are proving to be a complicated few days for many... 🫠
https://support.cpanel.net/hc/en-us/articles/40229402602519-Security-CVE-2026-23918
@tychotithonus I just love the Debian security tracker, they manage the flood so well https://security-tracker.debian.org/tracker/CVE-2026-23918
Bluesky
Overview
Description
Statistics
- 7 Posts
- 5 Interactions
Fediverse
Over 40,000 servers compromised through a zero-day vulnerability in cPanel. The vulnerability CVE-2026-41940 gives attackers admin access without authentication. #cPanel #Sicherheitslücke https://winfuture.de/news,158509.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
Bluesky
Overview
Description
Statistics
- 4 Posts
- 4 Interactions
Bluesky
Overview
- MetInfo CMS
- MetInfo CMS
Description
Statistics
- 4 Posts
Fediverse
📰 Critical MetInfo CMS Vulnerability Under Active Exploitation
🚨 ACTIVE EXPLOITATION! A critical RCE flaw (CVE-2026-29014, CVSS 9.8) in MetInfo CMS is being widely exploited. Unauthenticated attackers can gain full server control. Patch immediately! #CVE #RCE #CyberSecurity #Vulnerability
Bluesky
Overview
- Weaver Network Co., Ltd.
- E-cology
Description
Statistics
- 3 Posts
Fediverse
CVE‑2026‑22679 is a critical unauthenticated RCE in Weaver E‑cology 10.0 exploited within five days of patch release. Attackers abused an exposed debug API endpoint to execute system commands. No workaround exists — upgrade to build 20260312 immediately. #CyberSecurity #RCE #ZeroTrust
Bluesky
Overview
Description
Statistics
- 1 Post
- 41 Interactions
Fediverse
AISLE boasts about their AI tooling and CVE-2026-42511:
"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.
This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
https://clearbluejar.github.io/posts/pyghidra-mcp-meets-ghidra-gui-drive-project-wide-re-with-local-ai/
+ CVE-2024-3273 analysis (D-Link)
Overview
Description
Statistics
- 2 Posts
Fediverse
...sigh...
<insert HereWeGoAgain.gif meme>
~~~~~~~~~~~
Urgent Palo Alto Networks Security Advisory - Severity 9.3 · CRITICAL
Palo Alto Networks has published one new Security Advisory for a Critical Unauthenticated User initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal. This is available at https://security.paloaltonetworks.com/CVE-2026-0300
We strongly advise PAN-OS customers to read the advisory and take appropriate action immediately to protect their devices.