The "copy.fail" vulnerability is a severe local privilege escalation flaw in the Linux kernel that allows an attacker with unprivileged access to elevate their permissions to root, potentially compromising shared infrastructure such as Kubernetes and CI/CD environments. Disclosed by Theori on April 29, 2026, it affects multiple Linux distributions and requires immediate patching.
"copy.fail" allows local privilege escalation across multiple distributions without modification, which makes it a critical threat to shared environments like Kubernetes and CI/CD pipelines. The vulnerability exploits kernel crypto APIs and is undetectable by common monitoring tools, so it is essential to immediately apply the mainline fixes that distributions are rolling out. Additionally, use custom seccomp profiles to block the syscall, as default security settings are insufficient.
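One way to check that a custom seccomp profile really blocks a syscall, as an added example that is not from the original page or from Theori. It assumes a Docker/OCI-style JSON profile; `placeholder_syscall` stands in for the syscall the page does not name, and the sample profiles are constructed.

```python
import json

# Placeholder: the page does not name the syscall; take it from the advisory.
TARGET = "placeholder_syscall"

# Actions that stop the call before the kernel handler runs.
DENY = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
        "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}

def audit(profile_json, syscall=TARGET):
    """Return 'blocked', 'conditional' or 'allowed' for one syscall in a
    Docker/OCI-style seccomp profile (defaultAction + syscalls[] rules)."""
    profile = json.loads(profile_json)
    default_denies = profile.get("defaultAction") in DENY
    deny_rule = permit_rule = conditional = False
    for rule in profile.get("syscalls", []):
        if syscall not in rule.get("names", []):
            continue
        if rule.get("args") or rule.get("includes") or rule.get("excludes"):
            # Applies only for some argument values, capabilities or
            # architectures, so it needs manual review.
            conditional = True
        elif rule.get("action") in DENY:
            deny_rule = True
        else:
            # ALLOW, LOG, TRACE and NOTIFY can all let the call proceed.
            permit_rule = True
    if permit_rule:
        return "allowed"
    if conditional:
        return "conditional"
    return "blocked" if (deny_rule or default_denies) else "allowed"

def make_profile(default, rules):
    return json.dumps({"defaultAction": default, "syscalls": rules})

# Constructed sample profiles (not taken from any distribution or runtime).
ALLOWLIST_NAMING_TARGET = make_profile("SCMP_ACT_ERRNO", [
    {"names": ["read", "write", TARGET], "action": "SCMP_ACT_ALLOW"}])
ALLOWLIST_WITHOUT_TARGET = make_profile("SCMP_ACT_ERRNO", [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"}])
EXPLICIT_DENY = make_profile("SCMP_ACT_ALLOW", [
    {"names": [TARGET], "action": "SCMP_ACT_ERRNO"}])
ARG_FILTERED = make_profile("SCMP_ACT_ERRNO", [
    {"names": [TARGET], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 1, "op": "SCMP_CMP_EQ"}]}])

if __name__ == "__main__":
    for name in ("ALLOWLIST_NAMING_TARGET", "ALLOWLIST_WITHOUT_TARGET",
                 "EXPLICIT_DENY", "ARG_FILTERED"):
        print(f"{name}: {audit(globals()[name])}")
```

A `conditional` result means the rule depends on arguments, capabilities or architecture and should be reviewed by hand before treating the profile as a mitigation.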