Copy Fail
unsnap_biceps
794 points
311 comments
April 29, 2026
Discussion Highlights (20 comments)
not_your_vase
Is there a readable version of the exploit readily available by any chance? Gotta admit that I failed binary-zip-interpretation-with-naked-eye class twice
Lorin
What is the rationale behind naming CVEs and individual domains? Marketing?
baggy_trough
Is this fixed in any stable release kernel yet?
skilled
This looks like an extraordinary find at first glance. Does this mean you can go from a basic web shell from a shared hosting account to root? I can see how that could wreak havoc really quickly.
corvad
If this is verified, this is a very big deal. Root access on any shared computer. Additionally do we know what kernel versions and stable versions have the patch?
Ekaros
So this could be usable in a lot of places with Python and Linux running? Not that I have too many Linux devices around. Still, might be handy sometimes on personal devices.
porridgeraisin
Better explanation of the write up (still from original exploit author): https://xint.io/blog/copy-fail-linux-distributions
embedding-shape
For mitigation, the page currently basically just says:
> Update your distribution's kernel package to one that includes mainline commit a664bf3d603d
But it isn't very clear to me what kernel version you can expect that to be in. For Arch/CachyOS, the patch seems to be included in 6.18.22+, 6.19.12+ and 7.0+. If you're on any of the lower versions in the same upstream stable series, you're likely vulnerable right now. Some distro kernels may include the fix in other versions, so check for your distribution.
TehCorwiz
It does not behave as described on EndeavourOS (arch-based) running kernel 6.19.14-arch1-1. I receive the error:
Password: su: Authentication token manipulation error
I'm guessing this means it's already patched?
w2seraph
holy smokes it just rooted my just installed from ISO Ubuntu server
rany_
Could this be used to root Android devices? Does Android ship with algif_aead?
jzb
This is amazing. Page says it works on RHEL 14.3, which doesn’t exist. Current RHEL is 10.x, this must’ve been done in a TARDIS.
themafia
> If your kernel was built between 2017 and the patch
This is why I compile my own kernel. I disable things I don't use. If it's not present it can't hurt you.
> block AF_ALG socket creation via seccomp regardless of patch state.
Likewise I use seccomp to only allow syscalls that are necessary. Everything else is disabled. In the programs I have that need to connect to a backend socket, that is done, and then socket creation is disabled.
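The seccomp mitigation quoted in the comment above, as an added example that is not part of the thread or of the Copy Fail write-up: a per-process classic-BPF filter that makes `socket(AF_ALG, ...)` fail and allows everything else. The function name `deny_af_alg` is hypothetical; the code assumes x86_64 or aarch64 (little-endian, `socket` as a direct syscall) and a kernel without the x32 ABI.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "example assumes x86_64 or aarch64"
#endif
#define FIELD(f) ((unsigned int)offsetof(struct seccomp_data, f))
/* Hypothetical helper: returns 0 once the filter is active for this
 * process and everything it later forks or execs. */
int deny_af_alg(void)
{
    struct sock_filter prog[] = {
        /* Foreign ABIs (e.g. 32-bit int 0x80) number syscalls differently: kill. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Anything other than socket(2) falls through to ALLOW. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 3),
        /* args[0] is the address family (low 32 bits on little-endian). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_ALG, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EAFNOSUPPORT),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* no_new_privs is required to install a filter without CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}

int main(void)
{
    if (deny_af_alg() != 0) { perror("seccomp"); return 1; }
    int fd = socket(AF_ALG, SOCK_SEQPACKET, 0);  /* probe: must fail now */
    printf("AF_ALG socket: %s\n", fd < 0 ? "blocked" : "still allowed");
    return fd < 0 ? 0 : 1;
}
```

A syscall filter does not see sockets opened through io_uring, so a sandbox that relies on this should also deny `io_uring_setup`.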
maxtaco
Use extreme caution running arbitrary code on your machines, especially obfuscated code that tickles kernel bugs! (edited)
charcircuit
SUID binaries once again assisted a local privilege escalation attack. This is a major problem that distros can't keep ignoring.
bblb
What is "RHEL 14.3"? Was this site a one-shot prompt? Quality.
DetroitThrow
Despite the copy/images being weird about RHEL 14.3, this seems to work. Wow?
layer8
Debian page: https://security-tracker.debian.org/tracker/CVE-2026-31431
dgellow
That’s the most AI-written page ever made
phreack
The page itself seems vibecoded and a bit of an advertisement, but it does look like the vulnerability is real and high risk. It does explain the big security update I just got, guess I'll prioritize updating today.