One of our researchers was able to speak with Dark Reading's Nate Nelson about our copy fail #linux disclosure: "With a hunch, and an hour of AI-assisted scanning, cybersecurity researchers identified and then figured out how to exploit a nine-year-old root escalation vulnerability affecting every Linux build since 2017." https://lnkd.in/gU2NYyMY
Xint
Computer and Network Security
Find the vulnerabilities hackers will target in the real world
About us
What if the world's best hackers rebuilt AppSec from the ground up with AI? Meet Xint - autonomous, comprehensive, fast, and actionable. Our years of practical offensive security experience mean we're not just generating bug reports - we find the vulnerabilities that matter because it's what hackers target. We find the most comprehensive set of vulnerabilities, including business logic vulns where attackers aren't breaking the rules but rather abusing them. Trigger/impact reports to quickly validate, assess the severity of, and patch vulnerabilities.
- Website: https://xint.io
- Industry: Computer and Network Security
- Company size: 51-200 employees
Updates
-
What did it look like when Xint found copy.fail? What makes Xint findings unique is not just finding a bug and a location autonomously, but also providing trigger conditions and exploit impact so the teams were able to quickly POC and prioritize as the high severity bug it turned out to be. Reach out to see what Xint can do to secure your apps and code.
-
"What makes the vulnerability dangerous is that it can be reliably triggered and does not require any race condition or kernel offset. On top of that, the same exploit works across distributions." Coverage of our #copyfail research from The Hacker News https://lnkd.in/gzikaHEt
-
Xint reposted this
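These days many people ask what Xint Code is. In the age of Mythos, this is what we are doing. 👇

But whenever I explain it, the same question comes back: "Vulnerability information just keeps piling up, and it's hard to respond to anyway." Yes, that's right. That is the crux. But we must not give up here.

To summarize what kind of vulnerability the newly disclosed Copy Fail (CVE-2026-31431) is:
• With just one ordinary account on a company server, a single 732-byte Python script can seize root privileges on that server
• In a Kubernetes cluster, if one container is compromised, the entire node is at risk, beyond container isolation
• In CI/CD such as GitHub Actions or Jenkins, someone's PR code can take root on the build server
• The attack leaves no trace on disk: even a forensic investigation will have difficulty confirming the compromise
• Ubuntu, Amazon Linux, RHEL, SUSE: nearly every Linux released since 2017 is affected, and nobody knew for about 9 years

The paradigm has to change now. This is an era in which we must scan continuously and manage risk by priority more precisely than ever. The things textbooks have been telling us for a long time, we now have to actually do. We must not close our eyes just because it is frightening.

This is a vulnerability for which Theori, Inc. (티오리) researcher Taeyang Lee set the direction of the attack surface, and which Xint Code found by scanning the Linux kernel crypto subsystem for 1 hour. We are in an era where a vulnerability that hid for 9 years can be found in 1 hour.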
732 bytes of Python. Root on every major Linux distribution shipped since 2017.

Today we disclose CVE-2026-31431 — "Copy Fail" — a logic flaw in the Linux kernel's authencesn cryptographic template. An unprivileged local user can trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system.

The same script gets root on:
• Ubuntu 24.04 LTS
• Amazon Linux 2023
• RHEL 10.1
• SUSE 16

No race conditions. No per-distro offsets. No version checks. 100% success rate.

A few things make this one interesting:
→ It doesn't touch disk. The page cache is corrupted in memory, so on-disk checksums and file integrity tools miss it entirely. A disk image won't show that root was taken.
→ The page cache is shared across the host, including across container boundaries. One pod can compromise the entire Kubernetes node. (Part 2 of the writeup covers the container escape.)
→ It's been silently exploitable for ~9 years. The bug sits at the intersection of three changes between 2011 and 2017, each reasonable on its own. Nobody connected the dots.

How we found it: Taeyang Lee, a Theori researcher who had previously mapped the AF_ALG attack surface in kernelCTF, suspected that scatterlist page provenance was an underexplored source of bugs. He pointed Xint Code — our autonomous vulnerability analysis platform — at the Linux crypto subsystem with a one-line operator prompt. About an hour later, Copy Fail came back as the highest-severity finding. The same scan surfaced additional high-severity bugs, still in coordinated disclosure.

This is the workflow we keep proving out: a researcher (optionally) sets the direction, Xint Code covers the depth and breadth no human team has bandwidth for.

Coordinated disclosure with the Linux kernel security team wrapped cleanly — the fix landed in mainline on April 1. If you run Linux infrastructure, please patch.

Full root-cause analysis, demo, and exploit:
📄 https://copy.fail
🔗 https://code.xint.io
-
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable Python script gets root on all platforms. Found by the research teams at Theori and Xint, who worked with The Linux Foundation to patch. More details below: https://lnkd.in/gCNv4QEx
-
'Before [Xint security researcher Tim Becker] started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours. “I just drop the code into our AI bug-finding tool [Xint] and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues,” he said. “The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be.”' Great report from The Verge quoting Xint security researcher Tim Becker looking into the new era of cybersecurity, where even non-technical attackers can use AI to find the weaknesses in the apps and networks of organizations faster and at a scale never thought possible before. https://lnkd.in/enwBztJw
-
"Why would I pay you when Claude Enterprise now bundles security scanning?" This question assumes that the model is the product. But real AppSec is more than just finding vulnerabilities. To actually be useful to #productsecurity teams you need to know what to target, how to validate findings, how to prevent false positives from drowning teams, how to know which of the true positives are worth patching, and more. From Jeffrey Martin: see the difference between software that can find bugs and a true AppSec platform. https://lnkd.in/gvQKw7hf
-
Our cofounder/CTO Andrew Wesie and VP of Product Jeffrey Martin were interviewed as part of this article from IEEE Spectrum about what the ramifications are for the launch of #mythos. In short, finding 0days has been a capability that LLMs have demonstrated for the past year with Mythos providing an incremental improvement. But the new bottleneck has become the validation, severity assessment, and remediation of these bugs. https://lnkd.in/dtDw82Jr
-
Xint reposted this
I'm heading to the live CISO Series Podcast in Canton this Thursday, come join me for a great evening! https://lnkd.in/grsxps7x CISO Series