oss-sec mailing list archives

Re: CVE-2026-31431: CopyFail: linux local privilege scalation


From: Reid Sutherland <reid () thirddimension net>
Date: Fri, 01 May 2026 11:08:25 -0400

On Thu, 2026-04-30 at 10:25 -0700, Alan Coopersmith wrote:

On 4/30/2026 12:17 AM, cyber security wrote:

That is very terrifying, is it is 10.0 score?


A 10.0 score would require that a vulnerability be exploitable over
the network, without having to login to a local account on the system
first to run the exploit script.


Sorry but I'm having a hard time understanding the actual threat level
of this vulnerability.

# lsmod |grep aead  
#

Does anything load the vulnerable module by default or not?  If not,
this should be low-rated IMO.

Is this a big test to highlight all the people that have no idea what
they're doing (about to find out if that's me)?  Right now I'm seeing
people blindly copy/paste an advisory with "RHEL 14.3" in it.



Current thread: