Linux Security Flaw 'Copy Fail' Exposes Vulnerabilities in Distributions Since 2017
A significant security flaw known as 'Copy Fail' has been identified in nearly every Linux distribution released since 2017. The vulnerability allows users to gain administrator privileges without being detected by monitoring tools. The flaw, disclosed as CVE-2026-31431, was discovered by the security firm Theori with the help of its AI tool, Xint Code. The exploit uses a Python script that works across all affected Linux distributions without needing adjustments for different versions. The flaw is particularly concerning because tools that monitor on-disk checksums can miss it, as it does not mark the page dirty or flush the modified bytes back to disk. A patch for the flaw was added to the mainline Linux kernel on April 1st, but not all distributions have released patches yet.