[Cryptography] Crypto: Keeping you safe since 1939
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Apr 30 00:09:56 EDT 2026
0day vulnerability in the Linux kernel crypto API:
https://copy.fail/
Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is
a straight-line logic flaw - it needs neither. The same 732-byte Python
script roots every Linux distribution shipped since 2017.
Copy Fail requires only an unprivileged local user account - no network
access, no kernel debugging features, no pre-installed primitives. The
kernel crypto API (AF_ALG) ships enabled in essentially every mainstream
distro's default config, so the entire 2017 -> patch window is in play out
of the box.
It's not just "Crypto is bypassed, not attacked", it's "It's the crypto that
enables the attack in the first place".
(Not picking on the crypto code specifically here, a lot of security software
has similar problems with security vulnerabilities in the thing meant to be
keeping you secure).
Peter.
More information about the cryptography
mailing list