ZDNET key takeaways
- Copy Fail is a dangerous Linux vulnerability.
- This flaw makes gaining root access easy for attackers.
- Copy Fail affects millions of Linux systems.
CVE-2026-31431, also known as Copy Fail, is a critical Linux kernel vulnerability that's been hiding out since 2017 and is now getting the security spotlight it deserves.
Oftentimes, Linux vulnerabilities can be a bit overblown, but not in this case. Copy Fail is serious business and should be considered an issue that must be mitigated.
What is Copy Fail?
Let's talk about Copy Fail in terms that anyone can understand.
Imagine your computer's memory as a chalkboard, where a teacher keeps track of your grades in real time. You don't allow students to use either chalk or erasers, so they can't change their grades. The "Copy Fail" vulnerability is like a sneaky student who somehow gains access to an eraser and chalk, and he changes just his grade while you're not looking.
Essentially, Copy Fail is a flaw in the Linux system that is in charge of handling security for certain types of data. The flaw allows an attacker, who has just basic access to a system, to change an important piece of information that exists within the computer's RAM. Once the change is made, the altered information can trick the system into thinking that the attacker is the root user, giving the attacker full control over the system.
Think of it this way: A janitor takes the nameplate from the boss's office and slaps it on the wall beside his closet so everyone thinks he is the boss.
That's Copy Fail.
A difference between Copy Fail and other vulnerabilities that have hit Linux is that this one doesn't require specific timing or certain events to happen in an exact order. It's much easier, and its effects can be devastating.
A bit more detail
For those who want a bit more detail about Copy Fail: It abuses the AF_ALG socket interface and splice() system call to overwrite a mere 4 bytes in the kernel's page cache for any readable file. Once this occurs, attackers can then modify the setuid binaries, such as the su command, that are in memory to gain root access.
Copy Fail is different from "race condition" exploits because it's a stable, straight-line vulnerability that doesn't require timing-dependent retries to elevate permissions.
Copy Fail affects all Linux kernels from 4.14 to 6.19.12. You read that right: kernels from 2017 to the present.
According to the Xint Code Research Team, "This finding was AI-assisted, but began with an insight from Theori researcher Taeyang Lee, who was studying how the Linux crypto subsystem interacts with page-cache-backed data. He used Xint Code to scale his research across the entire crypto subsystem, and Copy Fail was the most critical finding in the report."
How to avoid Copy Fail
The easiest way to mitigate the Copy Fail Linux vulnerability is to update your kernel to the latest version. To find out if your kernel has been patched against Copy Fail, issue the following command:
dpkg -l kmod; grep -qE '^algif_aead ' /proc/modules && echo "Affected module is loaded" || echo "Affected module is NOT loaded"
If your kernel has been patched, you'll see "Affected module is NOT loaded." If your kernel has not been patched, you'll see "Affected module is loaded." If you run into the latter, make sure to update your system and rerun the command. If, after an update, your system is still not patched, you can disable the algif_aead module with the command:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
You can then unload the module with:
rmmod algif_aead
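The checks above combined into one script, as an added example that is not from the original article. It assumes the affected range the article states (4.14 to 6.19.12); the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: Copy Fail exposure check. Paths are parameters so the
# functions can be exercised against constructed files as well as a live host.

# Turn "6.8.0-45-generic" into 6008000 so versions compare as integers.
ver_num() {
    v=${1%%[-+]*}                      # drop the distro suffix
    IFS=. read -r maj min pat _ <<EOF
$v
EOF
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# True when the version is inside the range the article gives (4.14 to 6.19.12).
# Distro kernels backport fixes, so an in-range version is a prompt to check
# the vendor advisory, not proof of exposure.
in_affected_range() {
    n=$(ver_num "$1")
    [ "$n" -ge "$(ver_num 4.14)" ] && [ "$n" -le "$(ver_num 6.19.12)" ]
}

# True when algif_aead appears in the module list (default /proc/modules).
module_loaded() {
    grep -qE '^algif_aead ' "${1:-/proc/modules}" 2>/dev/null
}

# True when a modprobe.d file carries the "install ... /bin/false" override.
module_blocked() {
    grep -qsE '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/false' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Combine the three checks into one verdict word.
copyfail_status() {   # args: kernel-version [modules-file] [modprobe-dir]
    if module_loaded "$2"; then
        echo "module-loaded"
    elif module_blocked "$3"; then
        echo "module-blocked"
    elif in_affected_range "$1"; then
        echo "in-range-unblocked"      # module can still be loaded on demand
    else
        echo "out-of-range"
    fi
}

copyfail_status "$(uname -r)"
```

A kernel that has algif_aead built in rather than as a module does not list it in /proc/modules, and the modprobe override has no effect on it, so a kernel update is the only fix for such a build.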
You now know enough about Copy Fail to stay protected.
