Division of Financial Services
Financial Information Services
<div>A vulnerability known as "CopyFail" (CVE-2026-31431) has been disclosed affecting all versions of Linux released since 2017, allowing an attacker to locally escalate privileges to root using a 732-byte Python script. Peer institutions have reported attacks leveraging this vulnerability. <br><br><strong>Update 05/08/2026</strong>: A newly disclosed Linux kernel local privilege escalation vulnerability chain, dubbed “Dirty Frag” and assigned CVE-2026-43284 and CVE-2026-43500, enables attackers with local access to obtain root privileges by exploiting flaws in the ESP (IPsec) and RxRPC subsystems. While no official patches are currently available, a public proof-of-concept exists. Organizations should assume the vulnerability is valid and exploitable under certain conditions. This vulnerability is a successor to Copy Fail (CVE-2026-31431).<br><br><strong>Update 05/08/2026</strong>: Organizations and users should <strong>not</strong> undertake to "test" these exploits, as this will cause unnecessary alerts and incident response.<strong> </strong><br><br>References:<br><a href="https://copy.fail/">https://copy.fail/</a><br><a href="https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalati... a full description of the incident. This will appear in the "see all information" view of this alert.</div><div>Enter a full description of the incident. This will appear in the "see all information" view of this alert.</div>
