not_IO@lemmy.blahaj.zone to

Linux@programming.devEnglish · 1 month ago

The same 732-byte Python script roots every Linux distribution shipped since 2017

169

The same 732-byte Python script roots every Linux distribution shipped since 2017

not_IO@lemmy.blahaj.zone to

Linux@programming.devEnglish · 1 month ago

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

woaw

also a good blog post about it https://xint.io/blog/copy-fail-linux-distributions

Chat

woelkchen@lemmy.world
link
fedilink
arrow-up
4·
1 month ago

the impact of this vulnerability is mainly on servers

The impact is any Linux install without root access for its users.
- dgdft@lemmy.world
  link
  fedilink
  English
  arrow-up
  3·
  1 month ago
  Sure, but it’s much easier to get some form of RCE on public hosts in order to make practical use of the LPE.

Linux@programming.dev

linux@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

564 users / day
1.97K users / week
4.46K users / month
10.8K users / 6 months
4 local subscribers
13.8K subscribers
4.58K Posts
36.9K Comments
Modlog