Skip to main content
Ask Ubuntu

Return to Question

Post Timeline

added 48 characters in body
Source Link
Daniel T
Daniel T
  • 9.6k
  • 20
  • 38

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

PoC exploit: (makes su not ask for passwords until reboot):

$ cat exploit.py | python3 && su
# id
uid=0(root) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),988(docker)

How can we harden our system until an official patch package becomes available?

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

PoC exploit:

$ cat exploit.py | python3 && su
# id
uid=0(root) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),988(docker)

How can we harden our system until an official patch package becomes available?

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

PoC exploit (makes su not ask for passwords until reboot):

$ cat exploit.py | python3 && su
# id
uid=0(root) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),988(docker)

How can we harden our system until an official patch package becomes available?

Became Hot Network Question
added 176 characters in body
Source Link
janw
janw
  • 351
  • 2
  • 11

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

~## uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

PoC exploit:

$ cat exploit.py | python3 && su
# id
uid=0(root) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),988(docker)

How can we harden our system until an official patch package becomes available?

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

~# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

How can we harden our system until an official patch package becomes available?

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

PoC exploit:

$ cat exploit.py | python3 && su
# id
uid=0(root) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),988(docker)

How can we harden our system until an official patch package becomes available?

Source Link
janw
janw
  • 351
  • 2
  • 11

How do I fix CVE-2026-31431 on Ubuntu 24.04 LTS?

We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged).

Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431).

Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110:

~# uname -a
Linux teaching-host 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

How can we harden our system until an official patch package becomes available?