Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A critical vulnerability affecting almost every version of the Linux operating system caught defenders off guard and they rushed to patch it after security researchers publicly released exploit code that allows attackers to take full control of vulnerable systems.
The US government says the flaw, called “CopyFail”, now exists They are exploited in the wildWhich means it is actively used in malicious hacking campaigns.
defect, It has been officially tracked as CVE-2026-31431 It was discovered in Linux kernel versions 7.0 and earlier, was disclosed to the Linux kernel security team in late March, and was patched about a week later. But the patches have not yet reached many Linux distributions that rely on the vulnerable kernel, leaving any system running an affected version of Linux at risk of being hacked.
Linux is widely used in enterprise settings, powering the computers that power many of the world’s data centers.
The CopyFail website says that the same short Python script “has rooted every Linux distribution shipped since 2017.” According to security company Theori, Who discovered CopyFailThe vulnerability has been verified in several widely used Linux versions including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023 as well as SUSE 16.
Written by Devops engineer and developer Jorijn Schrijvershof In a blog post This exploit works on versions of Debian and Fedora, as well as Kubernetes, which is based on the Linux kernel. Schrijvershof described the bug as having an “unusually large burst range” because it runs on “almost every modern distribution” of Linux.
The error is called CopyFail because the affected component is in Linux nucleusthe core of the operating system that has almost complete access to the entire device, and does not copy certain data when it should. This corrupts sensitive data within the kernel, allowing an attacker to exploit the kernel’s access to the rest of the system, including its data.
If the bug is exploited, it is particularly problematic because it allows a regular user with limited access to gain full administrator access on the affected Linux system. Successful compromise of a server in a data center could allow an attacker to gain access to every application, server, and database of multiple enterprise customers, and potentially gain access to other systems on the same network or data center.
The CopyFail bug cannot be exploited online alone, but can be weaponized if used in conjunction with an exploit running online. Per MicrosoftIf the CopyFail bug is correlated with another vulnerability that can be delivered over the Internet, an attacker can use the flaw to gain root access to the affected server. A user running a Linux computer with a vulnerable kernel can also be tricked into opening a malicious link or attachment that triggers the vulnerability.
The bug can also be introduced via supply chain attacks, where malicious actors hijack an open source developer’s account and implant malware into their code in order to compromise a large number of devices at once.
Given the risks to the network of federal institutions, the US cybersecurity agency CISA did this commander All civilian federal agencies must patch any affected systems by May 15.
When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.