Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
Summary
Linux kernel maintainers have fixed CVE-2026-31431 and are rolling out updates to close a local privilege escalation flaw that lets an unprivileged attacker gain root on vulnerable kernels released since 2017. The upstream fix reverted the problematic “in-place” crypto behavior that enabled the Copy Fail issue. Patched builds are available in 6.18.22, 6.19.12, and 7.0, and major distributions are already pushing the update. The release matters because a public proof-of-concept exploit emerged alongside the fix, increasing pressure to patch exposed systems quickly.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Linux distros patch release for Fragnasia (CVE-2026-46300)
Security Patch Release
First: 14.05.2026 10:34
Last: 14.05.2026 10:34
Sources 1
About this happening:
Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....
Berz0k advertises zero-day Linux LPE exploit for sale
Threat Actor Meta
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...
F5 security patch release for CVE-2026-42945
Security Patch Release
First: 14.05.2026 09:00
Last: 14.05.2026 09:00
Sources 1
About this happening:
F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...
Latest development: 17.05.2026 14:57
VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open Source, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.
Timeline
30.04.2026 03:00 · 1 article
Public Copy Fail proof-of-concept exploit emerges
Technical Analysis Update: Technical details and a 732-byte Python-based proof-of-concept exploit for Copy Fail emerged publicly on the previous day, showing how unprivileged local attackers can combine AF_ALG and `splice()` to perform a controlled 4-byte write in the page cache and gain root on vulnerable Linux distributions such as Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16.
Sources:
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
30.04.2026 03:00 · 1 article
Interim AF_ALG mitigation guidance for vulnerable Linux systems
Mitigation Patch Update: Researchers advised operators of vulnerable Linux hosts to disable AF_ALG socket creation or unload the `algif_aead` module until kernel updates are installed, and to prioritize multi-tenant Linux hosts, Kubernetes/container clusters, CI runners/build farms, and cloud SaaS running user code.
Sources:
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
01.04.2026 03:00 · 2 articles
Upstream Linux kernel fix for CVE-2026-31431
Mitigation Patch Update: Linux kernel maintainers reverted the problematic 'in-place' crypto behavior introduced in Linux kernel version 4.14 in 2017, and fixed builds for CVE-2026-31431 became available in 6.18.22, 6.19.12, and 7.0 on April 1.
Sources:
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems — www.bleepingcomputer.com — 04.05.2026 14:28
23.03.2026 02:00 · 1 article
Theori discloses Copy Fail to Linux kernel security team
Initial Disclosure: Theori discovered CVE-2026-31431, dubbed Copy Fail, after using its Xint Code platform to scan the Linux crypto subsystem for about an hour, then reported the finding to the Linux kernel security team on March 23.
Sources:
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros — www.bleepingcomputer.com — 30.04.2026 16:54
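
For the interim mitigation and upstream fix entries in the timeline above, a host audit sketch (an added example, not code from the cited articles or the kernel project). It reports whether the running release is at or past the upstream fixed builds, whether `algif_aead` is loaded, and whether module loading is blocked. The function names, status labels and the `install <module> /bin/false` modprobe convention are assumptions; restrictions on AF_ALG socket creation are not checked.

```shell
#!/bin/sh
# Added example: report Copy Fail (CVE-2026-31431) exposure indicators.
# Function names and status labels are illustrative, not from the page.

# Compare a kernel release with the upstream fixed builds named on the page
# (6.18.22, 6.19.12, 7.0). Other series may carry distro backports, so they
# are reported as "check-vendor" rather than guessed.
upstream_status() {
    v=${1%%[!0-9.]*}                 # "6.18.22-generic" -> "6.18.22"
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ge 7 ]; then echo fixed
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 19 ]; then
        [ "$patch" -ge 12 ] && echo fixed || echo below-upstream-fix
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 18 ]; then
        [ "$patch" -ge 22 ] && echo fixed || echo below-upstream-fix
    else echo check-vendor
    fi
}

# True if MODULE appears in a /proc/modules-format file.
module_loaded() {
    [ -r "$2" ] || return 1
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# True if a modprobe config file redirects loading of MODULE to /bin/false
# or /bin/true (assumed convention for blocking a module; "-" and "_" are
# treated as equal, as modprobe does).
module_blocked() {
    mod=$1; shift
    [ "$#" -gt 0 ] || return 1
    cat "$@" 2>/dev/null | awk -v m="$mod" '
        $1 == "install" { n = $2; gsub(/-/, "_", n)
            if (n == m && ($3 == "/bin/false" || $3 == "/bin/true")) ok = 1 }
        END { exit !ok }'
}

# Usage: copyfail_report "$(uname -r)" /proc/modules /etc/modprobe.d/*.conf
copyfail_report() {
    rel=$1; mods=$2; shift 2
    loaded=no; blocked=no
    module_loaded algif_aead "$mods" && loaded=yes
    module_blocked algif_aead "$@" && blocked=yes
    echo "kernel=$(upstream_status "$rel") algif_aead_loaded=$loaded load_blocked=$blocked"
}
```

A `check-vendor` result means the release is outside the series listed on this page, so the distribution's own advisory decides whether the fix is present.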