Signal

New 'Copy Fail' Linux kernel flaw allows local attackers to gain root access

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-30 00:22 UTCUpdated 2026-05-01 01:14 UTC

rss

cvelinuxkernellocal_privilege_escalationvulnerabilityexploit

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (9)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

‘Trivial’ exploit can give attackers root access to Linux kernel

CSO Online · News · csoonline.com · 2026-05-01 01:14 UTC

‘Copy Fail’ bug can obtain root privileges in Linux distributions since 2017

SC Media · News · scworld.com · 2026-04-30 20:11 UTC

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

BankInfoSecurity · News · bankinfosecurity.com · 2026-04-30 15:18 UTC

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

bleepingcomputer_all · News · bleepingcomputer.com · 2026-04-30 13:54 UTC

View all evidence

Overview

A critical local privilege escalation vulnerability, CVE-2026-31431, nicknamed 'Copy Fail,' has been disclosed affecting Linux kernels released since 2017.

Entities

Johannes Ullrich

Score total

1.97

Momentum 24h

9

Posts

9

Origins

9

Source types

1

Duplicate ratio

0%

Why now

A public proof-of-concept exploit is available, increasing the risk of active exploitation.
No major Linux distributions have yet released patches, leaving systems vulnerable.
Security advisories urge immediate mitigation to protect exposed environments.

Why it matters

The vulnerability allows attackers to gain root access, risking full system compromise.
It affects virtually all Linux distributions with kernels since 2017, impacting a wide range of systems.
Critical infrastructure like Kubernetes nodes and CI/CD runners are especially at risk without immediate mitigation.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

The 'Copy Fail' vulnerability (CVE-2026-31431) allows unprivileged local users to gain root access on Linux systems with kernels released since 2017.
A public proof-of-concept exploit is available, making the vulnerability trivial to exploit.
No major Linux distributions have yet released patches, though a mainline fix was committed on April 1, 2026.

How sources frame it

Johannes Ullrich, SANS Institute: neutral

All evidence

All evidence

‘Trivial’ exploit can give attackers root access to Linux kernel

CSO Online · csoonline.com · 2026-05-01 01:14 UTC

‘Copy Fail’ bug can obtain root privileges in Linux distributions since 2017

SC Media · scworld.com · 2026-04-30 20:11 UTC

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

BankInfoSecurity · bankinfosecurity.com · 2026-04-30 15:18 UTC

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

bleepingcomputer_all · bleepingcomputer.com · 2026-04-30 13:54 UTC

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

Help Net Security · helpnetsecurity.com · 2026-04-30 11:41 UTC

‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover

SecurityWeek · securityweek.com · 2026-04-30 10:06 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 6 / 0

Top publishers (this list)

CSO Online (1)
SC Media (1)
BankInfoSecurity (1)
bleepingcomputer_all (1)
Help Net Security (1)
SecurityWeek (1)

Top origin domains (this list)

csoonline.com (1)
scworld.com (1)
bankinfosecurity.com (1)
bleepingcomputer.com (1)
helpnetsecurity.com (1)
securityweek.com (1)