News and Announcements

Copy Fail Vulnerability (CVE-2026-31431)

Posted: 2026-05-06 09:52:51   Expiration: 2026-05-13 09:52:51

On April 29, 2026, Xint.io released a security write up for a privilege escalation vulnerability in the Linux kernel that has existed since 2017 and affects every major Linux distribution.

About the Event: 
On April 29, 2026, Xint.io released a security write up for a privilege escalation vulnerability in the Linux kernel that has existed since 2017 and affects every major Linux distribution. 
Actions to Consider: 
Cybersecurity recommends Linux administrators apply patches where they are available within 3 days. Mitigations for Copy Fail are being published. Admins should review the potential impact and test where possible before deploying mitigations in their environments.
Please see distro specific resources below.
Cybersecurity recommends prioritizing Linux devices that are/have:
  • Open to the world
  • Shared, where multiple users share the device. Such as shared development boxes, jump boxes, build servers, lab machines.
  • Kubernetes/container clusters.
  • GitLab runners, Jenkins agents, anything that automatically executes code as a regular user.
  • Software as a service that runs user code. Such as JuypterHub, Juypter Notebook
Cybersecurity is continuing to evaluate/develop detections for indicators of compromise and will share information as they become available. If you believe you may have been compromised please contact the Office of Cybersecurity at cybersecurity@cio.wisc.edu.
Event Impact: 
Any local unprivileged user would be able to obtain root-level access resulting in a full system takeover. Proof of concept code is already publicly available.
References: 

Distro resources:

-- Public Cloud