Cve-2026-31431 : tout ce que l'on sait à l'instant

Cve-2026-31431 en Germany fait l'actualité ce jeudi. Selon Theregister, the newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.

Les faits

• The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn cryptographic template.
• Pack2TheRoot, a high-severity vulnerability in PackageKit, allows users to install packages on Linux systems with root privileges.
• A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.
• Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the Xint Code Research Team using AI-assisted analysis.
• : Patches land for authencesn flaw enabling local privilege escalation.

L'essentiel

SecurityWeek indique que Pack2TheRoot, a high-severity vulnerability in PackageKit, allows users to install packages on Linux systems with root privileges. D'après Cyber Security News, a critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017. Comme le souligne Cyber Security News, Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the Xint Code Research Team using AI-assisted analysis. Selon Theregister, : Patches land for authencesn flaw enabling local privilege escalation.

Les chiffres

Theregister indique que the proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on almost all Linux distributions released since 2017. D'après Theregister, Microsoft's patch for a 0-day exploited by Russian spies fell short. Comme le souligne Theregister, the CVE has been rated High severity, 7.8 out of 10. Selon SecurityWeek, Tracked as CVE-2026-41651 (CVSS score of 8.1), the flaw is described as a time-of-check time-of-use (TOCTOU) race condition on transaction flags.

Le contexte

Selon SecurityWeek, an easily exploitable, high-severity vulnerability in the PackageKit cross-distro package management abstraction layer allows unprivileged users to install packages with root privileges. SecurityWeek indique que Referred to as Pack2TheRoot, the bug is a combination of three issues, where caller-supplied flags are written without checking if the transaction is authorized or even when the transaction is running. D'après SecurityWeek, Unprivileged users can exploit Pack2TheRoot to install arbitrary RPM packages as root, including scriplets, without authentication, a NIST advisory reads. Comme le souligne SecurityWeek, the security defect has been confirmed to impact PackageKit versions 1.0.2 to 1.3.4, but likely existed since version 0.8.1, which was released 14 years ago (1.0.2 was released 12 years ago).

À retenir

• A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017.
• The proof of concept exploit is a 10-line, 732-byte Python script capable of editing a setuid binary to gain root on almost all Linux distributions released since 2017.
• The CVE has been rated High severity, 7.8 out of 10.