US government warns of severe CopyFail bug affecting major versions of Linux
Key Points:
- A critical security vulnerability named "CopyFail" (CVE-2026-31431) affects nearly all Linux kernel versions 7.0 and earlier, allowing attackers to gain full administrative control over vulnerable systems.
- The U.S. government reports that CopyFail is actively being exploited in the wild, with exploit code publicly released, forcing defenders to urgently patch affected systems.
- Although patched in late March, many Linux distributions have yet to fully implement updates, leaving widely deployed systems, including Red Hat, Ubuntu, Amazon Linux, SUSE, Debian, Fedora, and Kubernetes, at risk.
- CopyFail stems from improper copying that corrupts kernel data, letting users with limited access escalate privileges; this poses a significant threat to enterprise data centers and cloud infrastructure.
- The vulnerability cannot be exploited remotely on its own but can be combined with internet-facing exploits or malicious links, and may also be leveraged in supply chain attacks targeting open-source developer accounts.