Linux Kernel 'Copy Fail' Vulnerability Disclosed: High Risk Identified
On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed. The vulnerability affects every mainstream Linux distribution shipping a kernel built since 2017. A public proof-of-concept exploit has also been released. As of this advisory's date, no distribution has shipped a fixed kernel package. The mainline fix was committed on April 1, 2026.
On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed.
The vulnerability affects every mainstream Linux distribution shipping a kernel built since 2017. A public proof-of-concept exploit has also been released.
As of this advisory's date, no distribution has shipped a fixed kernel package. The mainline fix was committed on April 1, 2026. However, vendor updates are still pending across all major distributions.
CERT-EU strongly recommends applying interim mitigation immediately. Prioritize Kubernetes nodes and CI/CD runners exposed to untrusted workloads to reduce risk.