{"id":5258,"date":"2026-05-02T11:37:08","date_gmt":"2026-05-02T11:37:08","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/05\/02\/nine-year-old-zero-day-flaw-in-linux-kernel-discovered-by-ai-equipped-security-researcher\/"},"modified":"2026-05-02T11:37:08","modified_gmt":"2026-05-02T11:37:08","slug":"nine-year-old-zero-day-flaw-in-linux-kernel-discovered-by-ai-equipped-security-researcher","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/05\/02\/nine-year-old-zero-day-flaw-in-linux-kernel-discovered-by-ai-equipped-security-researcher\/","title":{"rendered":"Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI.<\/p>\n<p>This nine-year-old flaw, dubbed \u2018Copy Fail\u2019, was discovered by Taeyang Lee, a vulnerability researcher at offensive security firm Theori<\/p>\n<p>Lee openly disclosed he used Xint Code, a source code analyzing tool part of Theori\u2019s AI-driven penetration testing platform, Xint.io, to discover the vulnerability.<\/p>\n<p>He reported the vulnerability to the Linux kernel security team on March 23, who started working on a patch over the next few days.<\/p>\n<p>The Linux kernel security team assigned Copy Fail a unique CVE identifier, CVE-2026-31431, on April 22 and Xint.io publicly disclosed it seven days later.<\/p>\n<h2><strong>Copy Fail: An Old\u00a0Linux Kernel Vulnerability<\/strong><\/h2>\n<p>Copy Fail is a logic bug in the Linux kernel&#8217;s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled four-byte write into the page cache of any readable file on the system.<\/p>\n<p>Exploiting this vulnerability can allow an attacker to gain root access to the Linux kernel of a machine for all Linux distributions shipped since 2017.<\/p>\n<p>While it requires no network access, no kernel debugging features and no pre-installed primitives to successfully exploit the vulnerability, the attacker must have physical access to the target machine, with an unprivileged local user account.<\/p>\n<p>The vulnerability poses a risk to multi-user shared systems, container clusters (Kubernetes, Docker, etc.), and similar environments. A regular user could potentially access other users&#8217; data as a result.<\/p>\n<p>The vulnerability has been attributed a high-severity rating (CVSS) of 7.8.<\/p>\n<p>Theori has published a proof-of-concept (PoC) exploit so defenders can verify their own systems and validate vendor patches.<\/p>\n<p>The patch is now available. It reverts the optimization for Authenticated Encryption with Associated Data (AEAD) operations that was added in 2017.<\/p>\n<p>&#8220;Update your distribution\u2019s kernel package to a version that includes commit a664bf3d603d from the main branch,&#8221; the researchers said.<\/p>\n<p>Most major Linux distributions, such as Debian, Ubuntu, SUSE and Red Hat now provide this fix.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI. This nine-year-old flaw, dubbed \u2018Copy Fail\u2019, was discovered by Taeyang Lee, a vulnerability researcher at offensive security firm Theori Lee openly disclosed he used Xint Code, a source code analyzing tool part<\/p>\n","protected":false},"author":2,"featured_media":5259,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5258","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5258-714a9e81-2320-440b-81ef-533866751d44-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5258"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5258\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5259"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5258"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}