A critical flaw in the Linux kernel is triggering an urgent global scramble to patch servers after researchers released exploit code that lets attackers seize full control of vulnerable machines.
The vulnerability, dubbed CopyFail and tracked as CVE-2026-31431, affects Linux kernel versions 7.0 and earlier. It was privately disclosed to the Linux kernel security team and fixed within about a week, but many Linux distributions have yet to ship or apply the necessary patches, leaving a vast number of systems exposed.
US cybersecurity officials say CopyFail is already being exploited in the wild, elevating it from a theoretical risk to an active threat. Federal agencies have been ordered to identify and patch affected systems on an accelerated timeline, reflecting concern that the bug could be used to pivot deep inside government and critical infrastructure networks.
Linux underpins much of the world’s computing backbone, from hyperscale cloud platforms and enterprise data centers to embedded devices. The CopyFail website claims a short Python script can “root every Linux distribution shipped since 2017.” Security firm Theori, which discovered the flaw, has confirmed successful exploitation against major distributions including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 LTS, Amazon Linux 2023, and SUSE 16.
Independent testing by engineers has shown the exploit working on Debian and Fedora, as well as Kubernetes clusters that rely on the vulnerable kernel. One researcher described the bug’s “unusually big blast radius,” warning that it affects “nearly every modern distribution” of Linux.
CopyFail stems from a kernel component's failure to copy certain data correctly. That oversight corrupts sensitive kernel memory and allows an attacker to hijack the kernel's powerful privileges. In practice, it lets an ordinary, low-privilege user escalate to full administrator, or root, on an affected system.
The bug is a local privilege escalation and cannot be exploited over the internet on its own, but it becomes highly dangerous when chained with other vulnerabilities that provide initial remote access. Security experts warn that a successful compromise of a single server could expose every application, database, and tenant on that machine, and potentially enable lateral movement across entire networks.
Attackers could also weaponize CopyFail through supply chain attacks, by slipping malicious code into widely used open source projects that are then deployed onto vulnerable Linux systems at scale.