惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Schneier on Security

Protecting Privacy in an AI Era - Schneier on Security A Video Screen That Is Also a Camera - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Vulnerability in FIFA's Network - Schneier on Security AI Data Centers and the Concentration of Wealth - Schneier on Security Friday Squid Blogging: "Squidbleed" Vulnerability - Schneier on Security AI Surveillance and Social Progress - Schneier on Security The Language of AI Could Change How Humans Speak - Schneier on Security Cybersecurity and the Gap Between Skill and Ability - Schneier on Security Google Is Suing Chinese Scammers Who Are Using Gemini - Schneier on Security France to Stop Certifying Non-Quantum-Safe Encryption - Schneier on Security Flock Cameras Can Surveil Cars Without License Plates - Schneier on Security Cybersecurity Mission Creep in the US - Schneier on Security Papa Johns Surveillance-Based Advertising - Schneier on Security The Realities of AI Video Surveillance - Schneier on Security Factoring RSA Keys with Many Zeros - Schneier on Security Robot Police Officers - Schneier on Security The Chinese Control the Majority of Argentina's Squid Fleet - Schneier on Security Meta Is Testing Facial Recognition for Police and Military - Schneier on Security One Million Passports Leaked Online - Schneier on Security AI and Liability - Schneier on Security Interesting Paper Exploring Prompt Injection - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security Anthropic's Fable 5 Model Jailbroken Within Days - Schneier on Security Professional Athletes and Wearables - Schneier on Security Friday Squid Blogging: Victims of Unregulated Squid Fishing - Schneier on Security Anthropic's Fable and the State of AI - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security AI Use by the US Government - Schneier on Security Flock Cameras Are Being Used for Stalking - Schneier on Security The FCC Wants to Eliminate Burner Phones - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Friday Squid Blogging: Squid-Inspired Fluid Pump Bernie Sanders’ AI Sovereign Wealth Fund Plan Enhanced License Plate Tracking NSO Group Hacking WhatsApp Despite Court Order GPS As a Key Distribution Platform - Schneier on Security Critical Zcash Vulnerability Found and Fixed Anthropic’s Project Glasswing Update AI Worm - Schneier on Security Hacking Meta's AI Chatbot - Schneier on Security AI Used to Decrypt Medieval Ciphers The Intersection of Encryption and AI Microsoft Threatening Security Researcher Vulnerability Disclosure in the Age of AI Friday Squid Blogging: Another Squid Chilling Effects FBI’s 2025 Internet Crime Report Identifying People Using Wi-Fi Routers Friday Squid Blogging: Regulating Squid Fishing in the South Pacific CISA Security Leak macOS Kernel Memory Corruption Exploit On AI Security Laurie Anderson Is Quoting Me Zero-Day Exploit Against Windows BitLocker Friday Squid Blogging: Bigfin Squid Bypassing On-Camera Age-Verification Checks OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities LLMs and Text-in-Text Steganography Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia Insider Betting on Polymarket Smart Glasses for the Authorities Rowhammer Attack Against NVIDIA Chips DarkSword Malware Hacking Polymarket A Ransomware Negotiator Was Working for a Ransomware Gang Fast16 Malware Claude Mythos Has Found 271 Zero-Days in Firefox What Anthropic’s Mythos Means for the Future of Cybersecurity Medieval Encrypted Letter Decoded Friday Squid Blogging: How Squid Survived Extinction Events Hiding Bluetooth Trackers in Mail FBI Extracts Deleted Signal Messages from iPhone Notification Database ICE Uses Graphite Spyware - Schneier on Security Mexican Surveillance Company - Schneier on Security Is “Satoshi Nakamoto” Really Adam Back? Friday Squid Blogging: New Giant Squid Video Mythos and Cybersecurity Human Trust of AI Agents Defense in Depth, Medieval Style
Copy.Fail Linux Vulnerability
Bruce Schnei · 2026-05-12 · via Schneier on Security

This is the worst Linux vulnerability in years.

TL;DR

  • copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC.
  • It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own.
  • The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets.
  • The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing.
  • Kubernetes Pod Security Standards (Restricted) and the default RuntimeDefault seccomp profile do not block the syscall used. A custom seccomp profile is needed.
  • The mainline fix landed on 1 April. Distros are rolling kernels out now. Patch.

“Local privilege escalation” sounds dry, so let me unpack it. It means: an attacker who already has some way to run code on the machine, even as the most boring unprivileged user, can promote themselves to root. From there they can read every file, install backdoors, watch every process, and pivot to other systems.

Why does that matter on shared infrastructure? Because “local” covers a lot of ground in 2026: every container on a shared Kubernetes node, every tenant on a shared hosting box, every CI/CD job that runs untrusted pull-request code, every WSL2 instance on a Windows laptop, every containerised AI agent given shell access. They all share one Linux kernel with their neighbours. A kernel LPE collapses that boundary.

News article.

Tags: , ,

Posted on May 12, 2026 at 7:06 AM0 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.