DEV Community

Mark0

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a critical Linux kernel flaw dubbed "Copy Fail," to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation. This local privilege escalation (LPE) vulnerability allows unprivileged users to obtain root access by corrupting the kernel's in-memory page cache, effectively altering binaries at execution time. The flaw affects Linux distributions shipped since 2017 and is considered high-severity due to its potential for trivial exploitation.

Security experts emphasize that "Copy Fail" poses a significant risk to cloud and containerized environments, including Docker and Kubernetes, as it can be used to breach container isolation. Detection is particularly difficult because the exploit relies on legitimate system calls rather than suspicious memory techniques. Organizations are urged to patch to Linux kernel versions 6.18.22, 6.19.12, or 7.0 by May 15, 2026, to mitigate the risk of host compromise and unauthorized code execution.
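The patch guidance above can be turned into a fleet triage step. The following is an added example, not code from the article or from CISA: it classifies `uname -r` strings against the three fixed releases the article names. It assumes upstream version numbering, so distribution kernels that carry backported fixes, release candidates, and branches the article does not mention are reported as `check-vendor` rather than guessed. The host names and release strings in the inventory are constructed.

```python
import platform
import re

# Fixed upstream releases named in the article: 6.18.22, 6.19.12, 7.0.
FIXED_PATCH = {(6, 18): 22, (6, 19): 12}
FIXED_FROM = (7, 0)


def classify(release):
    """Classify a `uname -r` string against the article's fixed releases."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unparsed"
    if "-rc" in release:
        # A release candidate can predate the fix despite its 7.0 prefix.
        return "check-vendor"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor) >= FIXED_FROM:
        return "fixed"
    floor = FIXED_PATCH.get((major, minor))
    if floor is None:
        # The article gives no fixed release for this branch; the
        # distribution's advisory decides (assumption: backports exist).
        return "check-vendor"
    return "fixed" if patch >= floor else "needs-patch"


def triage(inventory):
    """Group host names by classification result."""
    groups = {}
    for host, release in inventory.items():
        groups.setdefault(classify(release), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (host name -> output of `uname -r`).
SAMPLE_INVENTORY = {
    "web-01": "6.18.21-generic",
    "web-02": "6.18.22-generic",
    "k8s-node-1": "6.19.3-200.fc44.x86_64",
    "k8s-node-2": "5.15.0-105-generic",
    "build-01": "7.0.0-rc4",
    "db-01": "7.0.1",
}

if __name__ == "__main__":
    print("this host:", platform.release(), classify(platform.release()))
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

In containerized environments the result applies to the node's kernel, since containers share the host kernel.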

