Hi folks,
I don’t know if you saw this but a vulnerability was found this week which rates up there with some of the biggest. It allows a normal user to get a root shell in Linux. All major distributions are affected and it has been around since 2017
Here is a Ubuntu system (running K3s :).
A seemingly innocent user named Geoff (All characters appearing in this work are fictitious. Any resemblance to real persons, living or dead, is purely coincidental) 😎
Geoff has no escalated privileges (ah sounds so familiar)
But this user, who looked so mild mannered and good natured alas was not. He found out about the vulnerability and….
He not only got a root shell but then created an account for his neighbour badguyhacker adding the latter to the sudo.
Patch your systems!!!
You can read more about this exploit here: https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/
