Background
A serious security vulnerability called Copy Fail has been discovered in the Linux kernel. It allows a regular user to gain full "root" (administrative) control over almost any Linux computer.
Am I affected?
If you are using a major Linux distribution released in the last 9 years, you are likely affected. The bug has been present in the Linux "engine" (the kernel) since 2017.
Tested systems include:
Ubuntu (including 24.04 LTS)
Amazon Linux (2023)
Red Hat (RHEL)
SUSE
How do I fix it?
Update your system: This is the most important step. Run your system updates (e.g.,
sudo apt update && sudo apt upgradeon Ubuntu) to install the latest kernel patch.Reboot: Kernel updates only take effect after you restart your computer.
Risks of Running the Exploit
If you are considering running "Proof of Concept" (PoC) code to test this vulnerability, please be aware that doing so puts your system into an extremely insecure state. Because "Copy Fail" works by corrupting the system's memory (the page cache), the changes persist even after the exploit script finishes running. If you execute the exploit on a vulnerable system, you effectively leave a "backdoor" wide open: any local user can then become a superuser (root) without needing to run the exploit again. It is critical you patch and reboot to return the system to a secure state.
Mitigation
If you cannot patch yet, disable the algif_aead module. Read the Mitigation section of this page to understand what impact this may have: https://copy.fail/
Why is this bug so dangerous?
Most security bugs are "unstable"—they might crash your computer or only work half the time. Copy Fail is different:
It is 100% reliable: It doesn't rely on luck or timing. It works every time it’s run.
It is "Invisible": It only changes the computer's temporary memory (RAM), not the files on your hard drive. This means security scanners that look for modified files won't see anything wrong.
It is tiny: The entire "exploit" is a short Python script about the size of a long text message.
Does this affect Containers or Kubernetes?
Yes. Because containers share the same "library" (the kernel) as the main host computer, a user inside a container can use this bug to "break out" and take over the entire server.
References
You can refer to this page as https://go.lbl.gov/copyfail