Le sigh. Every time we go around and have to do this again and manually figure out wtf each of the ten thousand linux distributions provides their security updates and current status.

Spending my Saturday morning searching for CVE-2026-31431 and "copyfail" patch status is just 👍.

Anyway, here's what I have so far:

Copy Fail (CVE-2026-31431) Patch Status for Debian:

- Debian Sid: Patched
- Forky: Patched
- Debian 13 Trixie: Patched
- Debian 12 Bookworm: Patched

Debian 11 Bullseye remains vulnerable.

#Debian #Copyfail #Linux #Security

ADDENDUM: Now also a blog post at https://jan.wildeboer.net/2026/05/PSA-CopyFail-CVE-2026-31431/

Some more details from our CVE page on CVE-2026-31431 at https://access.redhat.com/security/cve/cve-2026-31431 For more infos also on availability of updates see https://nvd.nist.gov/vuln/detail/CVE-2026-31431and https://www.cve.org/CVERecord?id=CVE-2026-31431 And check the errata/update/advisory pages of your distribution.

2/4

Ça y est le noyau #Linux pour #Debian 12 est sorti avec le correctif pour #CopyFail :

https://security-tracker.debian.org/tracker/CVE-2026-31431

Alma - https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
fixed

Alpine - https://security.alpinelinux.org/vuln/CVE-2026-31431
fixed (per https://fosstodon.org/@alpinelinux/116500119563494081)

Arch - https://security.archlinux.org/CVE-2026-31431
https://security.archlinux.org/AVG-2908
fixed in linux 6.19.12-1

Centos - pending RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=2460538
?

Debian - https://security-tracker.debian.org/tracker/CVE-2026-31431
13 (Trixie), 12 (bookworm), 11 (bullseye) all still vulnerable, but fixed in security releases

#copyfail

Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=2460538
"For any Fedora users finding a link here: this was fixed in kernel 6.19.12, and all current Fedora branches are already at or past that version."

Gentoo - https://bugs.gentoo.org/973385

Kali - should have it by tracking Debian security

Suse / OpenSuse etc. - https://www.suse.com/security/cve/CVE-2026-31431.html

RedHat - https://access.redhat.com/security/cve/cve-2026-31431
relevant for various downstreams

#copyfail

Un kernel Linux patché est disponible pour Debian 11 (5.10.251-3), Debian 12 (6.1.170-1) et Debian 13 (6.12.85-1) : https://security-tracker.debian.org/tracker/CVE-2026-31431
Pour Debian 9 et 10 il faut suivre les paquets de Freexian : https://deb.freexian.com/extended-lts/tracker/CVE-2026-31431
#CopyFail #Debian

Linux-Kernel-Lücke CVE-2026-31431: Lokale Rechteerweiterung auf Root über algif_aead

Eine Schwachstelle im Krypto-Subsystem des Linux-Kernels erlaubt es nicht privilegierten lokalen Nutzern, Root-Rechte zu erlangen – ohne die Datei auf der Festplatte zu verändern.

https://www.all-about-security.de/linux-kernel-luecke-cve-2026-31431-lokale-rechteerweiterung-auf-root-ueber-algif_aead/

#linux #cve

Learn how to fix Copy Fail (CVE-2026-31431) in Ubuntu and Linux Mint. Copy Fail vulnerability allows any local user gain root access on Linux.

Full details here: https://ostechnix.com/fix-copy-fail-cve-2026-31431-ubuntu-linux-mint/

#Copyfail #CVE202631431 #Ubuntu #Linuxmint #Security #Linuxkernel

Because of the #copyfail cve, I booted up my MacBook Air running Linux Mint to get the patches.

https://copy.fail/

I took the chance to upgrade from Mint 21.3 to 22.3 too. I absolutely love how Mint has given so much extra life to the 2012 MBA.

@linuxmint

On my Pi though, DietPi is not patched yet, but I think it's waiting for Raspberry Pi's kernel or something. I don't really understand how or which party patches what!

https://github.com/MichaIng/DietPi/issues/8122

#cve202631431 #Linuxmint #DietPi

« Mettez à jour le paquet du noyau de votre distribution avec une version incluant le #commit a664bf3d603d de la branche principale », expliquent les chercheurs, « la plupart des principales distributions proposent désormais ce correctif », comme #Debian (https://security-tracker.debian.org/tracker/CVE-2026-31431) (Forky et Sid), #Ubuntu (https://ubuntu.com/security/CVE-2026-31431), par exemple mais la mise en place est encore en cours chez #RedHat (https://access.redhat.com/security/cve/cve-2026-31431) et #Suse.

Fin de l'article.

10/

#Patch #Linux #Ubuntu #CopyFail #Root #Cybersecurity #Docker #Kubernetes

Nine years in the Linux kernel and nobody noticed. "Copy Fail" (CVE-2026-31431) lets any local user grab root in seconds. CISA just added it to KEV. Working exploits for Ubuntu, Amazon Linux, RHEL, SUSE. Patch. - https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog

@jorge bazzite is on a different machine but similarly vulnerable. It's on stable, kernel 6.19.11-ogc1.1.fc44.x86_64 and shows vulnerable to cve-2026-31431

https://ostechnix.com/debian-13-trixie-copy-fail-cve-2026-31431-vulnerability-fix/

Altro giro di aggiornamenti su vari server per #copyfail #CVE-2026-31431

Rocky - https://kb.ciq.com/article/rocky-linux/rl-cve-2026-31431-mitigation
(couldn't find an official link)

Slackware - nothing on http://www.slackware.com/security/list.php?l=slackware-security&y=2026

Ubuntu - https://ubuntu.com/security/CVE-2026-31431
all around very unclear

#copyfail - ¯\_(ツ)_/¯

I can't tell how dangerous Linux CVE-2026-31431 is, given it's just "local privilege escalation," but updating all my web servers anyway I guess 🤷🏻‍♂️

#Linux #Ubuntu

Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

All that is needed is local shell access and a few lines of python.

https://forum.hashpwn.net/post/12727

#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

C’est l’entreprise de sécurité Xint.io qui a révélé (https://xint.io/blog/copy-fail-linux-distributions), ce mercredi 29 avril, cette vulnérabilité (CVE-2026-31431, d’une sévérité élevée de 7,8/10) permettant une élévation des privilèges en local.

Le score n’est « que » de 7,8 car le vecteur d’attaque est local (AV:L) : il faut déjà avoir un accès local sur la machine, ici un compte utilisateur. La même avec une attaque depuis le réseau (AV:N) se serait approchée de 10.

2/

En utilisant un script Python (https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py) très court (732 octets) qui ne fait appel qu’à des bibliothèques standard et ciblant le page cache du noyau, il est possible d’accéder au binaire qui permet d’être superutilisateur : /usr/bin/su. La modification se fait en mémoire, pas directement sur le périphérique de stockage.

7/

CVE-2026-31431 added to KEV.
Linux kernel vuln, active exploitation confirmed.
Patch ASAP.

Source: https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog

💬 Thoughts?
Follow @technadu

#Infosec #Linux #CyberSecurity

Copy Fail: la #vulnerabilidad de #Linux que lleva 9 años escondida y permite obtener root con un script de 732 bytes

https://wwwhatsnew.com/2026/05/02/copy-fail-cve-2026-31431-linux-kernel-vulnerabilidad-ia-mayo-2026/

cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
#CyberSecurity
https://securebulletin.com/cpanelsniper-poc-exploit-released-for-cvss-9-8-flaw-cve-2026-41940-44000-servers-already-compromised/

Reports: A critical cPanel & WHM zero-day (CVE-2026-41940) is being actively exploited since Feb—attackers can bypass auth to gain full admin access. Patch immediately. 🔥🔐⚠️ Read: https://cyberinsider.com/critical-cpanel-zero-day-auth-bypass-exploited-since-february/ #cPanel #infosec #zeroDay #cybersecurity

cPanel CVE-2026-41940 now exploited in the wild.
Ransomware cases emerging, millions exposed.
CISA confirms active attacks.

Source: https://www.theregister.com/2026/05/01/critical_cpanel_vuln_hits_cisa/

💬 Thoughts?
Follow @technadu

#Infosec #ZeroDay #Ransomware

It's fair to say that <https://nitter.net/cperciva/status/2049591719143059860>, a few hours before Gary's video, was not bullshit:

＂ In April, FreeBSD issued eight security advisories. Six of them were for issues found by AI.＂

Colin Percival quotes his own post from March 2026:

＂… LLMs are producing lots of slop, but they're also finding a heck of a lot of real vulnerabilities.＂

@seuros if you disagree with CWE-121 – the Common Weakness Enumeration (CWE™) for CVE-2026-4747 – you might contact MITRE – <https://www.cve.org/CVERecord?id=CVE-2026-4747>.

Cc @garyhtech @cperciva@mastodon.social

@cperciva@bird.makeup (automated)

#AI #FreeBSD #vulnerability #Anthropic #Claude #Mythos #security #infosec

🔒 CVE-2026-2554: HIGH-severity IDOR in WCFM – Frontend Manager for WooCommerce lets Vendor+ users delete any account, incl. admins. No patch yet. Restrict Vendor access & monitor user deletions. More: https://radar.offseq.com/threat/cve-2026-2554-cwe-639-authorization-bypass-through-d8e3f679 #OffSeq #WordPress #WooCommerce #Infosec

🚨 CVE-2026-42786 (HIGH): mtrudel bandit 0.5.0 – <1.11.0 lets remote attackers cause DoS via unlimited WebSocket continuation frames (resource exhaustion). Affects Phoenix Channels & LiveView. Patch pending — monitor & limit connections. https://radar.offseq.com/threat/cve-2026-42786-cwe-770-allocation-of-resources-wit-56eb6fa8 #OffSeq #CVE #Elixir

CVE-2026-34159: llama.cpp RPC backend has an unauthenticated, no-bounds-check RCE. Zero buffer field in deserialize_tensor() allows arbitrary memory read/write. No auth, low complexity, CVSS 9.8. Patch to b8492 immediately. #infosec #llamacpp #rce

https://www.valtersit.com/cve/2026/04/cve-2026-34159/

⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: https://radar.offseq.com/threat/cve-2026-43824-cwe-212-improper-removal-of-sensiti-5eb1043e #OffSeq #ArgoCD #Kubernetes #Vuln

⚠️ CVE-2026-7491 (HIGH, CVSS 8.6): Zyosoft School App v0 is vulnerable to auth bypass via user-controlled keys (CWE-639). Authenticated users can access & modify others' data. No patch yet — restrict access & stay alert for updates. https://radar.offseq.com/threat/cve-2026-7491-cwe-639-authorization-bypass-through-2581445b #OffSeq #Vuln #AppSec

https://prog.hu/hirek/7088/github-cve-2026-3854-kritikus-rce-sebezhetoseg-kodtar

#magyar #hungarian #GitHub

🚨 CRITICAL: CVE-2026-7458 in User Verification by PickPlugins (≤2.0.46) enables auth bypass via weak OTP checks. Attackers can log in as any verified user, including admins. No patch yet — disable or restrict plugin! https://radar.offseq.com/threat/cve-2026-7458-cwe-288-authentication-bypass-using--78b8e551 #OffSeq #WordPress #Vuln