not_IO@lemmy.blahaj.zone to Linux@programming.devEnglish · 2 days ago

The same 732-byte Python script roots every Linux distribution shipped since 2017

154

The same 732-byte Python script roots every Linux distribution shipped since 2017

not_IO@lemmy.blahaj.zone to Linux@programming.devEnglish · 2 days ago

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

woaw

also a good blog post about it https://xint.io/blog/copy-fail-linux-distributions

Chat

Successful_Try543@feddit.org
link
fedilink
arrow-up
4·
edit-2
12 hours ago
The kernel 6.12.73-1 used by Debian Trixie is still vulnerable. Applying security updates should update the kernel to 6.12.85-1 and fix the issue.

https://security-tracker.debian.org/tracker/CVE-2026-31431

Edit: Kernel 6.1.170-1 just got released and fixes the vulnerability.

Linux@programming.dev

linux@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

192 users / day
986 users / week
1.35K users / month
1.38K users / 6 months
1 local subscriber
13.5K subscribers
122 Posts
389 Comments
Modlog