Copy Fail (Linux CVE)

ElectricEye · April 30, 2026, 9:12pm

Most Linux LPEs need a race window or a kernel-specific offset.
Copy Fail is a straight-line logic flaw — it needs neither.
The same 732-byte Python script roots every Linux distribution shipped since 2017.

This is another exploit found with AI assistance. I hope this treasure trove of exploits will be patched and empty before black hat hackers start using these advanced AI models to find and exploit unknown vulnerabilities.

At the same time, I fear that these advanced AI models will be locked behind a paywall. And if only a few companies have direct access to these models (e.g. OpenAI, Anthropic) then they would wield too much power in the cybersecurity landscape. This could create a world where software cannot be trusted if it isn’t audited using advanced AI.

TheManWithNoPlan · May 1, 2026, 9:33pm

To mitigate on Debian and Debian based distros:

echo “install algif_aead /bin/false” > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null

Need to be root.

It says on Fedora based systems need to upgrade to a patched kernel however I would imagine it can be blacklisted in the bootloader.

Topic		Replies	Views
Every Linux Distribution Shipped Since 2017 Vulnerable to New Copy.Fail Exploit News	1	444	May 2, 2026
Two More Major Linux Vulnerabilities Discovered in the Same Class as Copy Fail News	11	785	May 10, 2026
GitHub - V4bel/dirtyfrag General	0	243	May 7, 2026
Is secureblue linux [ secureblue.dev ] also vulnerable by these three recent linux vulnerabilities - Copy Fail, Copy Fail 2 and Dirty Frag? Questions	22	924	May 11, 2026
Parallels root privilege escalation patch circumvented in new public 0-day vulnerability General software	0	238	February 21, 2025

Copy Fail (Linux CVE)

Related topics