Copy Fail — 732 Bytes to Root
copy.fail
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
      • RiceMunk@sopuli.xyzEnglish
        2 days

        surprise new linux feature: Much more space-efficient sudo command

        • LedgeDrop@lemmy.zipEnglish
          2 days

          … 'cause I always keep forgetting my password.

          I am curious to see if/how this’ll open up some android devices.

          • Codilingus@piefed.socialEnglish
            2 days

            My brain was too moosh for the technical reading, but I saw GrapheneOS say they’re immune to it. So probably not good for regular Android, lol.

  • Corngood@lemmy.mlEnglish
    2 days

    It feels weird that it has it’s own domain name and slogan. I get that there’s a promotional aspect to it, but it seems a bit much.

  • Dadifer@lemmy.worldEnglish
    2 days

    In the writeup, they say there’s multiple other vulnerabilities on this attack surface, but they’re still working on responsible disclosure.

    • thesmokingman@programming.devEnglish
      2 days

      It is. The vuln itself was found with guidance of an AI tool. Doesn’t make the vuln any less bad. Does make Xint look really shitty for constantly shilling with boilerplate AI instead of a good human analysis (or at least something above boilerplate).

  • corsicanguppy@lemmy.caEnglish
    2 days

    Only if you enable the mode for rootless containers. If you run more safe, this thing is apparently impotent.

    No containers here, no cry.