Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
Summary
Hide ▲
Show ▼
Linux kernel maintainers have fixed CVE-2026-31431 and are rolling out updates to close a local privilege escalation flaw that lets an unprivileged attacker gain root on vulnerable kernels released since 2017. The upstream fix reverted the problematic “in-place” crypto behavior that enabled the Copy Fail issue. Patched builds are available in 6.18.22, 6.19.12, and 7.0, and major distributions are already pushing the update. The release matters because a public proof-of-concept exploit emerged alongside the fix, increasing pressure to patch exposed systems quickly.
Related Happenings
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch Release
H score15
First: 16.06.2026 22:05
Last: 16.06.2026 22:05
Sources 1
About this happening:
Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch ReleaseAbout this happening: Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
LiteLLM v1.83.14-stable security fix release (multiple vulnerabilities)
Security Patch Release
H score42
First: 15.06.2026 19:39
Last: 15.06.2026 19:39
Sources 1
About this happening:
**BerriAI** shipped **LiteLLM v1.83.14-stable** to close a **three-CVE chain** that could let a low-privilege proxy user reach **full admin** and **run code on the server**. The u...
LiteLLM v1.83.14-stable security fix release (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **BerriAI** shipped **LiteLLM v1.83.14-stable** to close a **three-CVE chain** that could let a low-privilege proxy user reach **full admin** and **run code on the server**. The u...
Langflow security patch release for CVE-2026-5027
Security Patch Release
H score38
First: 11.06.2026 00:23
Last: 11.06.2026 00:23
Sources 1
About this happening:
**Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Langflow security patch release for CVE-2026-5027
Security Patch ReleaseAbout this happening: **Langflow** shipped fixes for **CVE-2026-5027**, closing a **path traversal** flaw that let attackers write arbitrary files on exposed servers. The patch landed in **langflow-bas...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch Release
H score54
First: 10.06.2026 09:26
Last: 10.06.2026 09:26
Sources 1
About this happening:
**Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523
Security Patch ReleaseAbout this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...
Timeline
-
30.04.2026 03:00 1 articles · 2mo ago
Public Copy Fail proof-of-concept exploit emerges
Technical Analysis UpdateTechnical details and a 732-byte Python-based proof-of-concept exploit for Copy Fail emerged publicly on the previous day, showing how unprivileged local attackers can combine AF_ALG and `splice()` to perform a controlled 4-byte write in the page cache and gain root on vulnerable Linux distributions such as Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16.
Show sources
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
-
30.04.2026 03:00 1 articles · 2mo ago
Interim AF_ALG mitigation guidance for vulnerable Linux systems
Mitigation Patch UpdateResearchers advised operators of vulnerable Linux hosts to disable AF_ALG socket creation or unload the `algif_aead` module until kernel updates are installed, and to prioritize multi-tenant Linux hosts, Kubernetes/container clusters, CI runners/build farms, and cloud SaaS running user code.
Show sources
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
-
01.04.2026 03:00 2 articles · 3mo ago
Upstream Linux kernel fix for CVE-2026-31431
Mitigation Patch UpdateLinux kernel maintainers reverted the problematic 'in-place' crypto behavior introduced in Linux kernel version 4.14 in 2017, and fixed builds for CVE-2026-31431 became available in 6.18.22, 6.19.12, and 7.0 on April 1.
Show sources
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems — www.bleepingcomputer.com — 04.05.2026 14:28
-
23.03.2026 02:00 1 articles · 3mo ago
Theori discloses Copy Fail to Linux kernel security team
Initial DisclosureTheori discovered CVE-2026-31431, dubbed Copy Fail, after using its Xint Code platform to scan the Linux crypto subsystem for about an hour, then reported the finding to the Linux kernel security team on March 23.
Show sources
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54