oss-sec mailing list archives

Re: CVE-2026-31431: CopyFail: linux local privilege scalation


From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Thu, 30 Apr 2026 19:04:21 +0200

El 30/04/2026 a las 3:52, Solar Designer escribió:
Another curious detail is the exploit needs Python newer than EL9
installs by default, which might slow down some script kiddies a little
bit.  The above Python 3.11 worked (before the mitigation), but Rocky
Linux 9.7's default install of 3.9 did not (has no os.splice).

Well, script kiddies can still build these exploits static-ELF and upload to vulnerable boxes for an easy pwning:

https://github.com/tgies/copy-fail-c

https://github.com/badsectorlabs/copyfail-go


--
Saludos,
-Román


Current thread: