
CVE-2026-31431: Copy Fail vs. rootless containers


May 2026

Table of Contents

- Introduction
- The vulnerability
- Analyzing the shellcode
- Setting up the lab
- Setting up rootless Podman
- Running the exploit inside a container
- Tracing the exploit mechanism
- Why rootless containers stopped the escalation
- Catching the kernel in the act with eBPF
- The uid_map proof
- Conclusions

Introduction

In the previous post about SELinux MCS and GitLab runners, I briefly mentioned CVE-2026-31431 ("Copy Fail") as a motivating example for per-job VM isolation. After that post went out I spent the weekend setting up a lab to actually run the exploit, trace it at the syscall level, and verify that the rootless Podman architecture we deploy on GNOME's runners would contain it.
