
Copy Fail Vulnerability in Linux Systems: A 9-Year Risk


The US agency CISA has added a critical vulnerability in the Linux kernel, known as Copy Fail (CVE-2026-31431), to its list of actively exploited security issues. According to Kaspersky experts, this flaw has existed in Linux systems since 2017 and allows a local attacker to gain root privileges. This was reported by Ixbt.com.

Cybersecurity experts note that a compact exploit of just 732 bytes is sufficient to carry out the attack. All server and user Linux distributions with the algif_aead module loaded are at risk.

This vulnerability poses a serious threat, especially to container environments such as Docker, LXC, and Kubernetes. Since processes inside a container typically have access to the AF_ALG subsystem, an attacker can escape the container and take full control of the host.

The issue has been fixed in Linux kernel versions 6.18.22, 6.19.12, and 7.0. Given that this vulnerability is already being actively exploited, experts strongly recommend that all users install system updates immediately.
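
A host triage sketch for the two conditions named above, the fixed kernel versions and a loaded algif_aead module. It is an added example, not code from the article or from the experts it cites; the function names and verdict strings are illustrative, and kernel branches the article does not list are reported as check-vendor because distribution kernels may carry backported fixes.

```sh
#!/bin/sh
# Added triage example, not from the article. Distro kernels may carry
# backported fixes, so "check-vendor" means: consult the vendor advisory.

# Compare a kernel release with the fixed versions the article names
# (6.18.22, 6.19.12, 7.0). Branches it does not mention are "unknown".
kernel_status() (
    rel="${1%%[!0-9.]*}"            # "6.18.22-1-amd64" -> "6.18.22"
    IFS=.; set -- $rel              # split on dots; subshell keeps IFS local
    major="${1:-}"; minor="${2:-0}"; patch="${3:-0}"
    if [ -z "$major" ]; then echo unknown
    elif [ "$major" -ge 7 ]; then echo fixed
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 18 ]; then
        if [ "$patch" -ge 22 ]; then echo fixed; else echo unfixed; fi
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 19 ]; then
        if [ "$patch" -ge 12 ]; then echo fixed; else echo unfixed; fi
    else echo unknown
    fi
)

# Succeed if module $1 is listed in a /proc/modules-format file ($2).
module_loaded() (
    file="${2:-/proc/modules}"
    [ -r "$file" ] || exit 2
    while read -r name rest; do
        if [ "$name" = "$1" ]; then exit 0; fi
    done < "$file"
    exit 1
)

# Verdict token for a kernel release ($1) and modules file ($2).
assess() (
    if module_loaded algif_aead "${2:-/proc/modules}"; then mod=loaded; else mod=absent; fi
    case "$(kernel_status "$1"):$mod" in
        fixed:*)        echo patched ;;
        unfixed:loaded) echo at-risk ;;        # both conditions from the article
        unfixed:absent) echo patch-needed ;;   # not loaded now, kernel still unfixed
        *)              echo check-vendor ;;
    esac
)

echo "$(uname -r): $(assess "$(uname -r)")"
```

Because containers share the host kernel, the verdict that matters for Docker, LXC and Kubernetes nodes is the one obtained on the host itself.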
