Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First reported
Last updated
Happening score
H score 39
2 unique sources, 2 articles

Summary

Hide ▲

Multiple Linux distributions released advisories for CVE-2026-31431, adding mitigation guidance for a Linux kernel local privilege escalation that can let an unprivileged local user gain root. The response covers AlmaLinux, Amazon Linux, Arch Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu. The disclosures center on Copy Fail in the kernel's algif_aead module, a flaw with cross-container implications because the page cache is shared across processes.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

Progress LoadMaster CVE-2026-8037 patch release

Security Patch Release
H score52 First: 30.06.2026 10:38 Last: 30.06.2026 10:38 Sources 1

About this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...

Progress Kemp LoadMaster pre-auth command injection (CVE-2026-8037)

Vulnerability
H score49 First: 30.06.2026 10:38 Last: 30.06.2026 10:38 Sources 1

About this happening: **CVE-2026-8037** gives **Progress Kemp LoadMaster** with the **API enabled** a **pre-auth command injection** path that can run **root commands** on affected appliances. A **patc...

Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score30 First: 26.06.2026 16:00 Last: 26.06.2026 16:00 Sources 1

About this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...

Timeline

  1. 30.04.2026 12:24 2 articles · 2mo ago

    Linux distributions issue CVE-2026-31431 advisories

    Mitigation Patch Update

    Multiple Linux distributions, including Amazon Linux, Red Hat Enterprise Linux, SUSE, and Ubuntu, issued advisories for CVE-2026-31431, also called Copy Fail, a Linux kernel local privilege escalation flaw in algif_aead that can let an unprivileged local user write four controlled bytes into the page cache of a readable file, corrupt a setuid binary, and gain root; the same primitive also affects cross-container isolation because the page cache is shared across processes.

    Show sources