A critical vulnerability called Copy Fail, tracked as CVE-2026-31431, affects almost all Linux distributions since 2017. The flaw allows any user to obtain administrator privileges by running a Python script that works without adjustments. The company Theori, using its AI tool Xint Code, found the exploit by scanning the cryptographic subsystem in one hour.
The invisible corruption that fools monitors 🔍
Copy Fail is dangerous because it corrupts the page cache without marking the affected pages as dirty. As a result, traditional monitoring tools like AIDE or Tripwire do not detect the changes, leaving the system exposed without visible signs. Although a patch was added to the mainline kernel on April 1, researchers published the exploit details before all affected distributions had released their own fixes. Arch Linux, Red Hat Fedora, and Amazon Linux already have patches, but many others do not yet.
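One defender-side check that follows from the behaviour described above is to compare what ordinary readers get from the page cache with what is actually on storage. This is an added example, not code from the original post or from Theori; the function names are hypothetical, and it assumes that the altered pages are never written back and that the filesystem supports `O_DIRECT` reads.

```python
import hashlib
import mmap
import os

CHUNK = 1 << 20  # 1 MiB; a multiple of any common logical block size


def _sha256_buffered(path):
    """Hash the file as ordinary readers see it (served from the page cache)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def _sha256_direct(path):
    """Hash the file with O_DIRECT, which bypasses the page cache."""
    h = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY | os.O_DIRECT)
    # mmap supplies the page-aligned buffer that O_DIRECT reads require
    with os.fdopen(fd, "rb", buffering=0) as f, mmap.mmap(-1, CHUNK) as buf:
        while True:
            n = f.readinto(buf)
            h.update(buf[:n])
            if n < CHUNK:  # short read is EOF; avoids an unaligned follow-up read
                break
    return h.hexdigest()


def cache_matches_disk(path):
    """True if cached and on-disk contents agree, False if they diverge,
    None if a direct read is not possible here (e.g. tmpfs, non-Linux)."""
    if not hasattr(os, "O_DIRECT"):
        return None
    try:
        direct = _sha256_direct(path)
    except OSError:
        return None
    return _sha256_buffered(path) == direct
```

A `False` result on a file that nothing is legitimately writing to is worth investigating; a file being modified while the check runs can produce a transient mismatch.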
April patch: the joke that came late 😅
The researchers released the exploit before all affected parties were ready, like someone revealing the ending of a movie before its premiere. The distributions that have already patched are safe, but the rest wait with the door open. Meanwhile, administrators pray that no one runs a Python script. At least Theori's AI was fast: it scanned everything in an hour, something that would take humans weeks. Ironies of progress.