U.S. government warns of severe CopyFail bug affecting major versions of Linux

A severe security vulnerability affecting almost every version of the Linux operating system has caught defenders off-guard and scrambling to patch after security researchers publicly released exploit code that allows attackers to take complete control of vulnerable systems. The U.S. government says the bug, dubbed “CopyFail,” is now being exploited in the wild , meaning it’s being actively used in malicious hacking campaigns. The bug, officially tracked as CVE-2026-31431 and discovered in Linux kernel versions 7.0 and earlier, was disclosed to the Linux kernel security team in late March, and patched after about a week. But the patches have yet to fully trickle down to the many Linux distributions that rely on the vulnerable kernel, leaving any system running an affected Linux version at risk of compromise. Linux is widely used in enterprise settings, running the computers that operate much of the world’s datacenters. The CopyFail website says that the same short Python script “roots every Linux distribution shipped since 2017.” According to security firm Theori, which discovered CopyFail , the vulnerability was verified in several widely used versions of Linux including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023, as well as SUSE 16. Devops engineer and developer Jorijn Schrijvershof wrote in a blog post that the exploit works on Debian and Fedora versions, as well as Kubernetes, which relies on the Linux kernel. …