Heads-up: Copy Fail Linux Privilege Escalation Vulnerability

Fridge Hosting

Hi everyone,

We haven’t posted here before, but we thought this was worth sharing for anyone managing Linux servers, VPS environments, shared hosting servers, or multi-user systems.

A recently disclosed Linux local privilege escalation issue, known as Copy Fail / CVE-2026-31431, has been published:

https://copy.fail/

This is not a remote exploit on its own, but it is relevant where users, scripts, containers, websites, or other workloads can execute code on the same server.

The main concern is privilege escalation from local access to root, which makes it especially relevant for shared or multi-tenant environments.

There are temporary mitigations available depending on the distribution, and affected systems may require GRUB changes and a reboot. The RHEL-related mitigation discussion is here:

https://seclists.org/oss-sec/2026/q2/291

We’re reviewing and applying the relevant mitigations across our own infrastructure where applicable.

Sharing this here in case it helps other server admins or hosting providers who haven’t seen it yet.

— Fridge Hosting
 
Do you know if there is a cPanel patch for this? I really suck at GRUB and don't want to mess around with it.

Aah, this won't likely be a cPanel release but an AlmaLinux one. Looks like they're working on the patch now.

Yes, that’s my understanding as well.

This wouldn’t normally be patched by cPanel directly. cPanel sits on top of the OS, so the fix/mitigation would come from the underlying distribution/kernel — for example AlmaLinux, Rocky, RHEL, Debian, Ubuntu, etc.

For cPanel servers on AlmaLinux, I’d watch for the relevant AlmaLinux kernel update and apply it once released. If applying the temporary GRUB mitigation manually, I’d be careful and make sure there is console/KVM access available first, because a bad GRUB change can make the server difficult to recover remotely.
 
As received

Step 1 – Patch the Copy Fail Vulnerability at the OS Level

For CentOS / RHEL / Rocky Linux / CloudLinux:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
sudo reboot

Note: This requires a reboot. Please schedule during a maintenance window.

For AlmaLinux:

patch available: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/

For Ubuntu:

apt update
apt install -y kmod

Step 2 – Harden the lscgid Binary (choose one)

Option A — Upgrade to LiteSpeed Enterprise 6.3.5 Build 5 (Recommended)
The upgrade automatically handles the setuid permission removal for you:

/usr/local/lsws/admin/misc/lsup.sh -f -v 6.3.5

Option B — Quick Fix (if not ready to upgrade)
Manually remove the setuid permission now, and upgrade at your next maintenance window:

chmod u-s /usr/local/lsws/bin/lscgid.*

You only need to do one of the above — not both.
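
A way to confirm both steps above actually took effect, as an added example that is not part of the forwarded notice or any vendor tooling: it checks the running kernel's command line for the `initcall_blacklist=algif_aead_init` entry and lists any `lscgid*` file that still has the setuid bit. The function names are made up for this example; the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two mitigation steps quoted above.
# Function names are hypothetical; default paths are the ones given on the page.

# Return 0 if the kernel command line file $1 lists algif_aead_init in
# initcall_blacklist= (a comma-separated list), 1 if not, 2 if unreadable.
has_blacklist() {
    [ -r "$1" ] || return 2
    tr ' ' '\n' < "$1" | grep '^initcall_blacklist=' \
        | tr ',=' '\n\n' | grep -qx 'algif_aead_init'
}

# Print regular files named lscgid* in directory $1 that still carry setuid.
setuid_lscgid() {
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -type f -name 'lscgid*' -perm -4000
}

# Run both checks; return 0 only when neither reports a finding.
audit_copy_fail() {
    cmdline=$1 bindir=$2 rc=0
    if has_blacklist "$cmdline"; then
        echo "OK: kernel booted with initcall_blacklist=algif_aead_init"
    else
        echo "FINDING: algif_aead_init not blacklisted in $cmdline"
        rc=1
    fi
    left=$(setuid_lscgid "$bindir")
    if [ -n "$left" ]; then
        echo "FINDING: setuid bit still set on:"
        echo "$left"
        rc=1
    else
        echo "OK: no setuid lscgid binaries under $bindir"
    fi
    return $rc
}

# /proc/cmdline reflects the kernel that is running now, so a grubby change
# that has not been followed by a reboot still shows up as a finding.
audit_copy_fail "${1:-/proc/cmdline}" "${2:-/usr/local/lsws/bin}" \
    || echo "Action needed: see FINDING lines above"
```

The first check only applies to servers relying on the boot-parameter mitigation; a host fixed through a distribution kernel update will not carry the parameter.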
 