Forgot your password?
Close
typodupeerror

Submission + - Newly discovered Linux local privilege escalation bug "CopyFail" (copy.fail)

Submitted by tylerni7
tylerni7 writes: A recently discovered logic bug dubbed "CopyFail" in Linux dates back to 2017 and allows local privilege escalation across kernels/distros with a single exploit. The POC exploit works out of the box today, but a future version that can escape from containers like Docker is promised soon. Technical details are available at https://xint.io/blog/copy-fail...

Submission + - Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root (nerds.xyz)

Submitted by BrianFagioli
BrianFagioli writes: A newly disclosed Linux kernel vulnerability called Copy Fail (CVE-2026-31431) allows an unprivileged user to gain root access using a tiny 732-byte script, and it works with unsettling consistency across major distributions. Unlike older exploits that relied on race conditions or fragile timing, this one is a straight-line logic flaw in the kernelâ(TM)s crypto subsystem. It abuses AF_ALG sockets and splice to overwrite a few bytes in the page cache of a target file, such as /usr/bin/su. Because the kernel executes from the page cache, not directly from disk, the attacker can inject code into a setuid binary in memory and immediately escalate privileges.

What makes this especially concerning is how quiet it is. The file on disk remains unchanged, so standard integrity checks see nothing wrong, while the in-memory version has already been tampered with. The same primitive can also cross container boundaries since the page cache is shared, raising the stakes for multi-tenant environments and Kubernetes nodes. The underlying issue traces back to an in-place optimization added years ago, now being rolled back as part of the fix. Until patched kernels are widely deployed, this is one of those bugs that feels less like a theoretical risk and more like a practical, reliable path to full system compromise.

Comment Re: Leviticus 19:28 nor print any marks upon you (Score 1) 201

by Lanforod (#65833173) Attached to: Study Finds Tattoo Ink Moves Through the Body, Killing Immune Cells
I think he's conflating the Passover story (the angel of death killing all the first born in Egypt except those with the blood of lambs on the door posts and lintel) with the earlier genocide command of Pharoah to kill all boy children of the Israelites in Goshen (why Moses was hidden and eventually raised by a princess of Egypt).

Comment What are they talking about? (Score 1) 20

by Lanforod (#65553930) Attached to: Opera Accuses Microsoft of Anti-Competitive Edge Tactics
" frustrates users' ability to download alternative browsers"

Has anyone ever been unable to download and install xyz browser? C'mon now.
Ultimately, isn't this true for every OS provider that also makes a browser? Android comes with Chrome. iOS comes with Safari, MacOS comes with Safari, Windows comes with Edge. ChromeOS basically IS a browser. It's normal.

One thing they may have merit on is that MS has been baking features like Smartscreen in that other browsers don't have but those are primarily of value to Enterprise setups that leverage Defender for Endpoint and Purview.

Comment Insurance (Score 1) 35

So put yourself in Big Insurance's shoes. Folks don't want their data tracked. They also want cheap insurance coverage and generally, fair insurance coverage where riskier drivers pay more. Right now, its general factors like age, experience, distance driven that are used. Is it not better to use real data?

Slashdot Top Deals

1000 pains = 1 Megahertz

Close