“CopyFail” Attackers Begin Cashing In on a Critical Linux Kernel Flaw
A critical Linux kernel bug nicknamed CopyFail (CVE-2026-31431) lets local users grab root and is now being exploited in the wild, prompting CISA to order urgent patching.
A critical Linux kernel flaw nicknamed “CopyFail” has gone from disclosure to active exploitation, prompting urgent patching orders.
The short version
- The bug (CVE-2026-31431) lets unprivileged local users write controlled bytes into the page cache to gain root.
- Attackers are now exploiting it in the wild.
- CISA added it to its Known Exploited Vulnerabilities catalog and set a patch deadline for federal agencies.
What to do
Administrators are urged to apply kernel updates immediately, as working exploits are already circulating.
Summary by Nerd News Network. Read the full article at The Register via the links above and below.