CopyFail Was Not Disclosed to Distros
4 hours ago
- #Linux Kernel
- #CVE-2026-31431
- #Privilege Escalation
- CVE-2026-31431 (CopyFail) is a severe Linux kernel vulnerability allowing local privilege escalation.
- The issue was introduced in kernel version 4.14 with commit 72548b093ee38a6d4f2a19e6ef1948ae05c181f7.
- Fixed versions include 6.18.22, 6.19.12, and 7.0 with specific commits.
- Long-term stable kernels (6.12, 6.6, 6.1, 5.15, 5.10) are affected and have not yet received backported fixes.
- A workaround patch disabling the authencesn module was provided due to difficulties in backporting the fix.
- No early embargo break was reported; distributions did not receive a heads-up as the issue wasn't brought to the linux-distros ML.