oss-sec mailing list archives
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)
From: Greg Kroah-Hartman <gregkh () linuxfoundation org>
Date: Mon, 4 May 2026 08:58:47 +0200
On Sun, May 03, 2026 at 10:53:10PM +0100, Sam James wrote:
Per Greg's comments [1]:The scoring reasoning for this CVE does not hint at its severity and the threat being imminent. It's as obscure as most of the rest of 168 are (which for most of them is probably a result of actually not having exploitability and impact analysis).Why do you think that we knew this was "imminent"? The CVE team has no such knowlege as no one is obligated to tell us that they are about to let loose a trivial exploit.Is the CVE team not aware of public mailing list postings?
No.
Perhaps including full links and context in commit messages would help them not lose track?
Perhaps, but again, consider the volume of what we work with.
If the CVE team were unable to do this, then it absolutely would have helped distributions. I often chase links given in commit messages? Is the kernel honestly proud of how this went?
Exactly what do you suggest that we do "better" here and how to do that? The kernel security team gets "this is a local user increase in permission" bug reports all the time. Why this specific one is somehow more "special" than others was not obvious except after the fact because the submitter decided to provide their exploit code to the world to show off their tool. That is something that normally does not happen and is outside of the control of all of us involved here. thanks, greg k-h
Current thread:
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation, (continued)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Zube (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Roman Medina-Heigl Hernandez (Apr 30)
- CVE-2026-31431 Copy Fail Linux LPE - new public exploit Andrei Berestov (May 18)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Zube (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Aaron Rainbolt (Apr 29)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James (May 03)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James (May 03)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg Kroah-Hartman (May 04)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd (May 04)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH (May 04)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd (May 04)
- Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH (May 06)
