CVE-2026-31431 aka "Copy fail" allows root exploit from local access

CIP-dev Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Pavel Machek <pavel@nabladev.com>
To: cip-dev@lists.cip-project.org
Subject: CVE-2026-31431 aka "Copy fail" allows root exploit from local access
Date: Thu, 30 Apr 2026 15:04:44 +0200	[thread overview]
Message-ID: <afNTbMBYYVXVvTYF@duo.ucw.cz> (raw)

[-- Attachment #1: Type: text/plain, Size: 1117 bytes --]

Hi!

Apparently there's new CVE with a name:

https://nvd.nist.gov/vuln/detail/CVE-2026-31431
https://xint.io/blog/copy-fail-linux-distributions

You may have already heard about it, or likely you'll hear about it,
soon, as it is widespread and easy to exploit for local users.

If you don't have local untrusted users, you don't need to do
anything urgently.

If you don't have CONFIG_CRYPTO_AUTHENC enabled, you are not
vulnerable and don't need to do anything. CRYPTO_AUTHENC is "Authenc:
Combined mode wrapper for IPsec. This is required for IPSec ESP
(XFRM_ESP)."

4.4-cip is not affected, other -cip branches are affected. If you are
running affected -cip branch, have CRYPTO_AUTHENC enabled, have local
untrusted users and have security requirements, you may want to
investigate immediately and let us know.

[This may be another reminder to disable config options you don't
strictly needed.]

Current plan is to release 6.12-cip, 6.1-cip, 5.10-cip and 4.19-cip
ahead of their normal schedule, followed by -cip-rt kernels.

If you believe you are affected by this bug, let us know.

Best regards,
								Pavel

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

                 reply	other threads:[~2026-04-30 13:05 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=afNTbMBYYVXVvTYF@duo.ucw.cz \
    --to=pavel@nabladev.com \
    --cc=cip-dev@lists.cip-project.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox