Nine-year-old high-severity Linux bug discovered

The vulnerability has been named “Copy Fail” (CVE-2026-31431, CVSS 7.8, high severity) and was discovered by the Xint Code Research Team at bug bounty platform Theori.

Copy Fail is a logic flaw in the Linux kernel. It arose following an optimisation in 2017 which inadvertently blurred a safety boundary between read‑only file data and writable memory during cryptographic operations.

Stay informed.

Get the NITIC newsletter!

This material Is based upon work supported by the U.S. National Science Foundation under Grant No. 2300188. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

NITIC is hosted by:

modal link

ITIN Account Login

Log in to your IT Innovation Network account to get full access to all ITIN Community of Practice content and opportunities. If you don’t have an ITIN account, register here.

Username(Required)

Password(Required)

Remember Me

Forgot your password?

Interested in learning more about NITIC activities and opportunities? Sign up for the NITIC newsletter!

Facebook

This field is for validation purposes and should be left unchanged.

First Name:(Required)

Last Name:(Required)

Organization:

Email:(Required)

Consent(Required)

I want to join the NITIC mailing list and receive the NITIC newsletter.