
The Fatal 4-Byte Error That Just Broke Linux | Threat Wire
AI Summary
A critical vulnerability, "copyfail" (CVE-2026-31431, CVSS 7.8), affects Linux kernels built from 2017 until recently. Discovered by Xent code and initially reported by Tayyang Lee, it allows an unprivileged local user to gain root on affected Linux distributions. The flaw, a logic error in the kernel's AEAD crypto implementation, allows a write beyond the intended bounds; chained with AF_ALG sockets and splice, it lets an attacker overwrite four bytes in the page cache of any readable file, including setuid binaries. It can also be used for container escapes. Patches were committed on April 1st, 2026 (April Fools' Day), and multi-tenant Linux hosts should be prioritized for patching.
Separately, GitHub fixed a major remote code execution (RCE) vulnerability (CVE-2026-2854, CVSS 8.8) in its Git infrastructure, discovered by Wiz Research using AI. It is one of the first critical flaws found in closed-source binaries with the help of AI. The attack injected unsanitized characters through the option fields passed with `git push`, affecting downstream services. GitHub deployed a fix on March 4th, 2026, and found no evidence of exploitation.
Furthermore, Team PCP compromised the PyTorch Lightning package on PyPI, uploading a version carrying credential-stealing software. The attack, discovered by Socket, involved taking over the Lightning project's GitHub account; the attackers repeatedly closed the issues Socket raised until the maintainers regained control.
Google has adjusted its bug bounty program to prioritize vulnerabilities that are difficult for AI to find, reports with complete proofs of concept, and findings with high user impact; Chrome vulnerabilities, for instance, now pay less. ClickUp also suffered a data leak that exposed enterprise email addresses because of an embedded API key.