Overview
Description
Statistics
- 23 Posts
- 17 Interactions
Fediverse
Heise reports: The Linux vulnerability "Copy Fail" (CVE-2026-31431) is already being actively exploited: local root access. Admins should apply available kernel updates/packages immediately. Details & PoC: https://www.heise.de/news/Linux-Luecke-Copy-Fail-wird-bereits-angegriffen-11279850.html 🔥🛡️🐧 #Linux #Security #CVE202631431
Edit/correction: According to @giggls, a container escape is not possible.
Security teams: "Copy Fail" (CVE-2026-31431) is now being exploited — a local→root Linux kernel LPE affecting many distros since 2017. Patches are available; update immediately. Details: https://www.heise.de/en/news/Linux-vulnerability-Copy-Fail-is-already-being-attacked-11279917.html 🚨🛡️ #Linux #infosec #CVE202631431
Copy.fail: a small Linux kernel bug with an unusually big blast radius https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
CVE-2026-31431, also known as CopyFail, is a Local Privilege Escalation (LPE) vulnerability in which an attacker can escalate an already compromised and authenticated standard user to root privileges, which are the highest privileges on the host. This vulnerability affects most popular Linux distributions, as well as many virtualized and hardware environments where Linux is present.
The vulnerability is present in the algif_aead module of the Linux kernel, which is responsible for hardware-accelerated cryptography. Canonical, the company behind Ubuntu, pushed out an update that disables the algif_aead module to mitigate the CopyFail vulnerability; however, Canonical notes that this mitigation will not be necessary once the kernel is updated.
Disabling the affected module should make applications fall back from hardware-accelerated cryptography to userspace cryptographic functions. However, because of the complexity and variation of configurations across many environments, it is recommended to test this mitigation in staging first, as some applications may not include or support userspace cryptographic functions. A reboot is also recommended to complete the mitigation, as some applications may require a reboot to trigger the fallback.
To protect systems running Ubuntu and Ubuntu-based distributions against this vulnerability, follow the steps below:
Open a terminal and type:
1. apt changelog kmod
This checks the changelog for the version of the kmod tool currently installed on your system and shows a list of changes, which will confirm whether the CopyFail vulnerability was mitigated. Check the top entry to confirm the mitigation, as shown in the attached screenshot. If the top entry mentions "* Disable loading of algif_aead module to mitigate CVE-2026-31431", you already have the update installed that mitigates the CopyFail vulnerability, but if there is no mention of the CVE, continue with the steps below.
2. sudo apt-get update
This will update your package index files so you can install newly released updates.
3. sudo apt-get install --only-upgrade kmod
This command will upgrade only kmod, a tool used to configure kernel modules on Ubuntu. The new release contains the mitigation for your current kernel.
4. sudo reboot
This will reboot the operating system.
5. apt changelog kmod
Repeat the command from the first step to confirm whether the mitigation is in place. The top entry should now say "* Disable loading of algif_aead module to mitigate CVE-2026-31431".
#Ubuntu #Canonical #CopyFail #Linux #CVE #Mitigation #Cyber #CyberSecurity
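The changelog check from the post above, as an added shell example that is not part of the original post or Canonical's tooling. It goes beyond the "top entry" check by scanning every entry, so the mitigation is still found after later kmod updates, and it also reports whether algif_aead is still loaded (the reboot case). The function names, status strings and sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): find the CopyFail mitigation entry in a
# Debian-format changelog and check whether algif_aead is still loaded.
CVE_ID="CVE-2026-31431"   # CVE id as given on the page

# Print the version of the newest changelog entry that mentions algif_aead
# together with the CVE id. Reads the changelog on stdin; status 1 if absent.
mitigation_version() {
    awk -v cve="$CVE_ID" '
        # Entry header line: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver) }
        ver != "" && index($0, cve) && /algif_aead/ { print ver; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# Status 0 if algif_aead is listed as a loaded module. $1 is a file in
# /proc/modules format (default: the live one). The anchor avoids matching
# lines where algif_aead only appears as a user of another module.
module_loaded() {
    grep -q '^algif_aead ' "${1:-/proc/modules}"
}

# Combine both checks. Changelog on stdin, optional modules file as $1.
copyfail_status() {
    if ver=$(mitigation_version); then
        if module_loaded "$1"; then
            echo "reboot-needed $ver"
        else
            echo "mitigation-installed $ver"
        fi
    else
        echo "mitigation-missing"
    fi
}

# Constructed changelog: versions, dates and maintainer are placeholders.
sample_changelog() {
    cat <<'EOF'
kmod (0.0-3placeholder) constructed; urgency=medium
  * Unrelated later change
 -- Constructed Maintainer <maint@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000
kmod (0.0-2placeholder) constructed; urgency=high
  * Disable loading of algif_aead module to mitigate CVE-2026-31431
 -- Constructed Maintainer <maint@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000
EOF
}

sample_changelog | mitigation_version   # demo run on the constructed data
```

On a real system the input would come from the post's own command, for example `apt changelog kmod | copyfail_status`.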
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel's page cache, posing a significant risk to cloud and containerized environments.
https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
I don't know if this helps, but I don't see your kernel listed here: https://debiansupport.com/blog/copy-fail-cve-2026-31431-mitigation/
Edit to add that I also have not seen any differentiation between arm and x86_64 vulnerabilities (in general, not just pi-related).
@clock whilst I was doom-scrolling, this popped up from a few hours ago. I kinda think you're ok since you're on 6.x.
https://explains.social/@veronica/statuses/01KQQZ6X8QEKPBZQYXCA86XW0Y
also:
https://security-tracker.debian.org/tracker/CVE-2026-31431
60 Sekunden Cyber, week 18 of 2026, 27 April - 3 May:
Data belonging to Vimeo customers and users is posted on the dark net by the group ShinyHunters, security researchers find in Copy Fail a vulnerability (CVE-2026-31431) that has existed since 2017 (!) and allows root access on all of the better-known Linux distributions, the NGO noyb sues the Hamburg
https://www.60-sekunden-cyber.de/kw18-2026/
#cyber #cybersicherheit #itsicherheit #itsecurity #infosec #threatint #threatintel #news #update
copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
The Internet Last Week
* Ubuntu/Canonical DDoS
https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQEHpOd8VQ40ZQs-KD81fboQXeGZB94okNHdHBGlCv58Sw==
https://techcrunch.com/2026/05/01/ubuntu-services-hit-by-outages-after-ddos-attack/
* Linux copy.fail vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-31431
https://xint.io/blog/copy-fail-linux-distributions
* GitHub availability
https://github.blog/news-insights/company-news/an-update-on-github-availability/
https://www.githubstatus.com/incidents/ql942tw29yl6
https://www.githubstatus.com/incidents/dbypmw7h77l5
https://www.githubstatus.com/incidents/vq183jvj6vrw
* cPanel/WHM vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
https://censys.com/blog/the-cpanel-situation-is/
Bluesky
Overview
Description
Statistics
- 14 Posts
- 15 Interactions
Fediverse
CVE-2026-41940: the cPanel CRLF bug that handed 44,000 servers to the “Sorry” ransomware
#CyberSecurity
https://insicurezzadigitale.com/cve-2026-41940-il-bug-crlf-di-cpanel-che-ha-consegnato-44-000-server-al-ransomware-sorry/
APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
#CyberSecurity
https://securebulletin.com/apt-campaign-exploits-cpanel-cve-2026-41940-to-breach-government-and-military-servers-across-south-east-asia/
CVE-2026-41940: the cPanel CRLF bug that handed 44,000 servers to the “Sorry” ransomware
A critical CVSS 9.8 vulnerability in the world's most widely used hosting control panel, silently exploited for months before the patch, allowed a criminal group to compromise more than 44,000 servers and deploy the “Sorry” ransomware. The technique: a CRLF injection in cPanel's authentication daemon that allows root access without credentials.
cPanel zero-day active:
40K+ servers hit
CVE-2026-41940
→ auth bypass
→ admin access
Patch immediately.
Source: https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/
Follow @technadu
The Internet Last Week
* Ubuntu/Canonical DDoS
https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQEHpOd8VQ40ZQs-KD81fboQXeGZB94okNHdHBGlCv58Sw==
https://techcrunch.com/2026/05/01/ubuntu-services-hit-by-outages-after-ddos-attack/
* Linux copy.fail vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-31431
https://xint.io/blog/copy-fail-linux-distributions
* GitHub availability
https://github.blog/news-insights/company-news/an-update-on-github-availability/
https://www.githubstatus.com/incidents/ql942tw29yl6
https://www.githubstatus.com/incidents/dbypmw7h77l5
https://www.githubstatus.com/incidents/vq183jvj6vrw
* cPanel/WHM vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026
https://censys.com/blog/the-cpanel-situation-is/
Bluesky
Overview
Description
Statistics
- 2 Posts
- 4 Interactions
Fediverse
FreeBSD DHCP Client Flaw CVE-2026-42511 Allows Root Code Execution via Rogue DHCP Server
#CyberSecurity
https://securebulletin.com/freebsd-dhcp-client-flaw-cve-2026-42511-allows-root-code-execution-via-rogue-dhcp-server/
Bluesky
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
Overview
Description
Statistics
- 3 Posts
- 1 Interaction
Bluesky
Overview
- GeoVision Inc.
- GV-VMS V20.0.2
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-42369 (CRITICAL, CVSS 10): GeoVision GV-VMS V20.0.2 stack overflow in gvapi endpoint lets unauthenticated remote attackers execute code as SYSTEM. Restrict remote access, monitor for patches. https://radar.offseq.com/threat/cve-2026-42369-cwe-787-out-of-bounds-write-in-geov-0757b787 #OffSeq #CVE202642369 #infosec #zeroday
Overview
- GeoVision Inc.
- GV-LPC2011/LPC2211
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🌐 CVE-2026-42368 | CRITICAL privilege escalation in GeoVision GV-LPC2011/LPC2211 v1.10. Remote attackers can gain full control via crafted HTTP requests. No patch — restrict web interface access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-42368-cwe-266-incorrect-privilege-assignm-b84e399c #OffSeq #Vuln #IoT #CyberSecurity
Overview
- WebPros
- Comet Backup
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2026-29200: CRITICAL IDOR in WebPros Comet Backup (20.11.0 – 26.1.1, 26.2.1) lets tenant admins impersonate any end user on the server. No patch yet — restrict admin access and monitor for suspicious cross-tenant activity. https://radar.offseq.com/threat/cve-2026-29200-cwe-639-insecure-direct-object-refe-d3747bfb #OffSeq #infosec #CVE202629200
Overview
Description
Statistics
- 1 Post
Fediverse
⚠️ CVE-2026-7712: MEDIUM severity deserialization vuln in MindsDB ≤26.01 (pickle.loads). Public exploit available, remote attack possible. No vendor response yet. Check your exposure. https://radar.offseq.com/threat/cve-2026-7712-deserialization-in-mindsdb-da28edb5 #OffSeq #MindsDB #Vuln #Deserialization
Overview
- Totolink
- WA300
Description
Statistics
- 1 Post
Fediverse
Totolink WA300 (5.2cu.7112_B20190227) faces a CRITICAL buffer overflow (CVE-2026-7719) via http_host in /cgi-bin/cstecgi.cgi. Public exploit out, no patch yet. Limit exposure, monitor closely. https://radar.offseq.com/threat/cve-2026-7719-buffer-overflow-in-totolink-wa300-e943f95d #OffSeq #Vuln #IoTSecurity #CVE20267719