CVE 2026-31431 - CopyFail - root from running a python script #1514
A few hours ago I read about CopyFail (sources below) and decided to test an outdated Linux Mint box I use for side projects. Privilege escalation to root confirmed in the following setups:

After testing the exploit I upgraded to version 22.3, tested again, then changed to the 6.8.0 kernel and tested again. Flagging this in this Discussion post to get developer attention and alert the community.

Sources

Announcement website: https://copy.fail/
Replies: 2 comments
The kernels for Linux Mint are provided from the upstreams (Debian & Ubuntu). Unfortunately, the originators of this CVE did not follow proper responsible disclosure so Debian (and the related downstreams) were not notified appropriately and the patches have not yet been made available.

EDIT: Debian has patches available for Trixie. You should be able to manually apply the mitigation until patches are available.
Ran apt upgrade and can confirm the exploit is patched; this has also been reported by others in issue 11 referenced above.

System: Linux Mint 22.3

Thanks @rcalixte