Message-ID: <315f9a67337d8e930cfb95a4b644946bf2f69687.camel@thirddimension.net>
Date: Fri, 01 May 2026 11:08:25 -0400
From: Reid Sutherland <reid@...rddimension.net>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2026-31431: CopyFail: linux local privilege
 scalation

On Thu, 2026-04-30 at 10:25 -0700, Alan Coopersmith wrote:

> On 4/30/2026 12:17 AM, cyber security wrote:
> 
> > That is very terrifying, is it a 10.0 score?
> 
> 
> A 10.0 score would require that a vulnerability be exploitable over
> the network, without having to login to a local account on the system
> first to run the exploit script.


Sorry but I'm having a hard time understanding the actual threat level
of this vulnerability.

# lsmod |grep aead  
#

Does anything load the vulnerable module by default or not?  If not,
this should be low-rated IMO.

Is this a big test to highlight all the people that have no idea what
they're doing (about to find out if that's me)?  Right now I'm seeing
people blindly copy/paste an advisory with "RHEL 14.3" in it.

