
Severe Linux Copy Fail security flaw uncovered using AI scanning help
A striking development has emerged in artificial intelligence.
Some distributions have already released patches or mitigations for the exploit, including Arch Linux and RedHat Fedora.

by Stevie Bonifield, News Writer
Technical Details
May 1, 2026, 4:55 PM UTC

Image: Cath Virginia / The Verge, Getty Images

Stevie Bonifield is a news writer covering all things consumer tech. Stevie started out at Laptop Mag writing news and reviews on hardware, gaming, and AI.
Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called “Copy Fail” that allows any user to give themselves administrator privileges. The exploit, publicly disclosed as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring “no per-distro offsets, no version checks, no recompilation,” according to Theori, the security firm that uncovered it.

Ars Technica points to a blog post in which DevOps engineer Jorijn Schrijvershof explains that what makes Copy Fail “unusually nasty” is how likely it is to go unnoticed by monitoring tools: “Page-cache corruption never marks the page dirty. The kernel’s writeback machinery never flushes the modified bytes back to disk.” As a result, “AIDE, Tripwire, OSSEC and any monitoring tool that compares on-disk checksums see nothing.”

Copy Fail was identified by Theori’s researchers with assistance from their Xint Code AI tool.
Industry Implications
According to a blog post, Taeyang Lee had the idea of looking into the crypto subsystem of Linux and created this prompt to run an automated scan that identified several vulnerabilities in “about an hour.”

“This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists.”

According to the exploit’s disclosure page, a patch for Copy Fail was added to the mainline Linux kernel on April 1st.
This advance offers important signals about the future of the sector, and the tech world is watching closely.





