A high-severity local privilege escalation vulnerability (CVE-2026-31431, CVSS 7.8) named "Copy Fail" affects Linux kernels built since 2017, with a public proof-of-concept exploit available. While a mainline kernel fix was committed on 1 April 2026, no distribution has yet shipped a patched kernel package. The interim mitigation should be applied immediately, prioritizing Kubernetes nodes and CI/CD runners exposed to untrusted workloads.
On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed. The vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has been released. As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed to untrusted workloads.