A high‑severity Linux kernel flaw (CVE‑2026‑31431, dubbed "Copy Fail") allows ordinary users to gain root privileges and escape containers via an AF_ALG and splice() optimization bug, affecting major distributions; the article details the vulnerability, exploitation steps, PoC, and mitigation guidance.
A newly disclosed Linux kernel vulnerability (CVE‑2026‑31431, dubbed “Copy Fail”) allows an unprivileged user to execute a 732‑byte Python script that writes four controllable bytes into the page cache, directly modifying /usr/bin/su to obtain root, affecting all kernels from 2017 to the patch release and posing severe risks such as container escape and cloud‑tenant isolation breaches.
This comprehensive guide explains the most common Linux privilege‑escalation vectors—including unsafe SUID binaries, sudo misconfigurations, cron jobs, password and SSH‑key leaks, kernel vulnerabilities, container escapes, and file‑permission flaws—while providing concrete detection commands and practical hardening steps for each risk.
A recent study reveals that over two‑thirds of Kubernetes clusters contain critical misconfigurations that let attackers escape containers, steal cloud credentials, and hijack entire cloud accounts within minutes, and the article outlines the three most dangerous flaws, real‑world attack paths, and concrete mitigation steps.
This article explains why Kubernetes security feels like navigating in the dark, breaks down the platform’s core resources, outlines common attack vectors such as container escape and token abuse, compares managed versus self‑hosted clusters, and presents a real‑world EKS attack case with practical mitigation insights.
The article explains the runc 1.1.11 container‑escape vulnerability (CVE‑2024‑21626), how it allows attackers to break out of containers and gain host privileges, details Huawei Cloud’s reproduction steps, and provides mitigation guidance including upgrading to runc 1.1.12 and using HSS scanning and intrusion‑detection features.
Meituan's security team explains cloud‑native architecture, outlines container‑escape threats from kernel bugs, vulnerable runtimes and misconfigurations, and recommends mitigation through hardened kernels, secure‑container runtimes like gVisor or Kata, rigorous patch management, and collaborative feature development to strengthen runtime protection.
A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.
