57 lines
1.9 KiB
Markdown
57 lines
1.9 KiB
Markdown
# Copy Fail - CVE-2026-31431
|
|
|
|
[Technical Writeup](https://xint.io/blog/copy-fail-linux-distributions)
|
|
|
|
## Tested Distro / Version
|
|
A list of the most recent versions effected.
|
|
|
|
| Distro | Version |
|
|
|-------------------|--------------------------|
|
|
| Amazon Linux 2023 | 6.18.8-9.213.amzn2023 |
|
|
| Alphine Linux | 6.18.25-0-virt #1-Alpine |
|
|
| Ubuntu 24.04 LTS | 6.17.0-1007-aws |
|
|
| RHEL 10.1 | 6.12.0-124.45.1.el10_1 |
|
|
| SUSE 16 | 6.12.0-160000.9-default |
|
|
| NixOS 25.11 | 6.12.83 |
|
|
| Trisquel 12 | 6.18.21-generic-libre |
|
|
| GUIX | ???????????? |
|
|
| ChromeOS | ???????????? |
|
|
| OpenWRT | ?????????? |
|
|
|
|
|
|
### aarch64 ?
|
|
| Distro | Version |
|
|
|-------------------|-------------------------|
|
|
| Asahi Linux | 6.19.14-asahi |
|
|
| Ubuntu 24.04 ARM LTS | 6.17.0-1011-oracle |
|
|
| RaspbianOS ? | ???? |
|
|
|
|
### unaffected
|
|
| Distro | Version | Reason |
|
|
|-------------------|-------------------------|---------|
|
|
| Devuan | 6.12.74+deb13+1-amd64 | algif_aead is not used by kernel |
|
|
| Debian 12 | 6.1.0-40-amd64 | Predates the exploit occurance (6.1.0-41 works)|
|
|
| Android 16 | 6.1.166-android14-11 | Permission to create socket in busybox not allowed |
|
|
|
|
## Files
|
|
check.sh - makes a check to see if the exploitable crypto module is loaded.
|
|
mitigate.sh - unloads the exploitable crypto module, chances are you didnt need it anyway.
|
|
|
|
copy_fail.py - the complete exploit writeup in plain python code.
|
|
|
|
|
|
copy_fail_exp.py - the exploit in pure python for x86 systems.
|
|
copy_fail_exp_aarch64.py - the exploit in pure python for aarch64 systems.
|
|
|
|
|
|
run to get the file as a non-privilaged user.
|
|
```
|
|
curl https://git.jonstarkey.co.uk/jon/CVE-2026-31431-tools/raw/branch/main/copy_fail_exp.py
|
|
```
|
|
or
|
|
```
|
|
curl https://git.jonstarkey.co.uk/jon/CVE-2026-31431-tools/raw/branch/main/copy_fail_exp_aarch64.py
|
|
|
|
```
|
|
|