CloudTech is part of the TechForge Publications seriesView AllAI NewsDeveloperIoT NewsMarketing TechTechHQTech Wire AsiaTelecomsView AllAI NewsDeveloperIoT NewsMarketing TechTechHQTech Wire AsiaTelecomsTechForge SearchNewsCategoriesCloud in ActionCloud MigrationCloud ROI & CostInternal Change ManagementMissteps & LessonsSME & Startup CloudEditorial DeskAnnouncements & AnalysisForecasts & TrendsMigrations: Behind the ScenesTechEx EventsFeaturesInterviewsPodcastsSponsored ContentVideosWebinarsFuture of CloudAI & CloudCloud EthicsEdge & Distributed CloudOpen CloudQuantum & CloudServerless ArchitectureSustainable CloudIndustry PerspectivesEducation & ResearchFinanceHealthcare & Life SciencesLegal & HRMedia, Gaming & CreativePublic SectorRetail & ConsumerMarket IntelligenceCloud StartupsEarnings & Market ShareEvent CoverageMergers & AcquisitionsVendor Roadmaps & LeadershipSecurity, Privacy & TrustCloud CybersecurityCyber Security & Cloud ExpoEncryption & Data PrivacyGovernance, Risk & ComplianceIdentity & AccessStrategy & Decision-MakingChoosing a Cloud StrategyFinOps & BudgetsLock-In & ExitMulti- & Hybrid CloudProcurement & ContractsSkills & HiringTechnology StackBig VendorsContainers & KubernetesDatabases & Data PlatformsInfrastructure as CodeObservability & MonitoringXaaS ModelsEventsResourcesExclusive VideosPodcastsAll ResourcesMoreAdvertiseAbout UsContact Us SearchNewsCategoriesCloud in ActionCloud MigrationCloud ROI & CostInternal Change ManagementMissteps & LessonsSME & Startup CloudEditorial DeskAnnouncements & AnalysisForecasts & TrendsMigrations: Behind the ScenesTechEx EventsFeaturesInterviewsPodcastsSponsored ContentVideosWebinarsFuture of CloudAI & CloudCloud EthicsEdge & Distributed CloudOpen CloudQuantum & CloudServerless ArchitectureSustainable CloudIndustry PerspectivesEducation & ResearchFinanceHealthcare & Life SciencesLegal & HRMedia, Gaming & CreativePublic SectorRetail & ConsumerMarket IntelligenceCloud StartupsEarnings & Market ShareEvent CoverageMergers & AcquisitionsVendor Roadmaps & LeadershipSecurity, Privacy & TrustCloud CybersecurityCyber Security & Cloud ExpoEncryption & Data PrivacyGovernance, Risk & ComplianceIdentity & AccessStrategy & Decision-MakingChoosing a Cloud StrategyFinOps & BudgetsLock-In & ExitMulti- & Hybrid CloudProcurement & ContractsSkills & HiringTechnology StackBig VendorsContainers & KubernetesDatabases & Data PlatformsInfrastructure as CodeObservability & MonitoringXaaS ModelsEventsResourcesExclusive VideosPodcastsAll ResourcesMoreAdvertiseAbout UsContact Us Subscribe Subscribe SearchNewsCategoriesCloud in ActionCloud MigrationCloud ROI & CostInternal Change ManagementMissteps & LessonsSME & Startup CloudEditorial DeskAnnouncements & AnalysisForecasts & TrendsMigrations: Behind the ScenesTechEx EventsFeaturesInterviewsPodcastsSponsored ContentVideosWebinarsFuture of CloudAI & CloudCloud EthicsEdge & Distributed CloudOpen CloudQuantum & CloudServerless ArchitectureSustainable CloudIndustry PerspectivesEducation & ResearchFinanceHealthcare & Life SciencesLegal & HRMedia, Gaming & CreativePublic SectorRetail & ConsumerMarket IntelligenceCloud StartupsEarnings & Market ShareEvent CoverageMergers & AcquisitionsVendor Roadmaps & LeadershipSecurity, Privacy & TrustCloud CybersecurityCyber Security & Cloud ExpoEncryption & Data PrivacyGovernance, Risk & ComplianceIdentity & AccessStrategy & Decision-MakingChoosing a Cloud StrategyFinOps & BudgetsLock-In & ExitMulti- & Hybrid CloudProcurement & ContractsSkills & HiringTechnology StackBig VendorsContainers & KubernetesDatabases & Data PlatformsInfrastructure as CodeObservability & MonitoringXaaS ModelsEventsResourcesExclusive VideosPodcastsAll ResourcesMoreAdvertiseAbout UsContact Us Hamburger Toggle Menu Cloud Computing, Cloud Cybersecurity, Containers & Kubernetes, Security, Privacy & TrustLinux Copy Fail vulnerability puts cloud systems at riskMuhammad Zulhusni5th May 2026 Share this story: Tags:cloudCloud SecuritycontainersKubernetesCategories::Cloud ComputingCloud CybersecurityContainers & KubernetesSecurity, Privacy & TrustMicrosoft has detailed a high-severity Linux kernel vulnerability that can allow a local, unprivileged user to gain root access on affected systems.The flaw, tracked as CVE-2026-31431 and also referred to as “Copy Fail,” affects multiple Linux distributions used in enterprise and cloud environments.Microsoft said affected platforms include Red Hat, SUSE, Ubuntu, Amazon Linux, Debian, Fedora, and Arch Linux, depending on kernel version and patch status.The vulnerability has a CVSS score of 7.8.Microsoft said it affects Linux kernels released from 2017 until patched versions are applied.A local flaw with cloud implicationsCVE-2026-31431 is not remotely exploitable on its own.
Microsoft said an attacker would first need local code execution as a non-privileged user, a condition that can exist in cloud, CI/CD, and Kubernetes environments where untrusted code may run.The flaw can become more serious when combined with initial access through SSH, a malicious CI job, or a compromised container process.In those cases, an attacker with limited access could attempt to escalate privileges to root on a vulnerable system.The issue sits in the Linux kernel’s cryptographic subsystem.Microsoft described it as a logic flaw in the algif_aead module of AF_ALG, the Linux userspace cryptocurrency API.The flaw involves improper memory handling during in-place cryptographic operations.
By abusing the interaction between the AF_ALG socket interface and the splice() system call, an attacker can carry out a controlled four-byte write into the kernel page cache of a readable file.Microsoft said this can corrupt the in-memory version of privileged binaries, like /usr/bin/su, without changing the file stored on disk.CERT-EU said an unprivileged local user can use the bug to target a setuid binary and obtain a root shell.Why Kubernetes environments are exposedThe issue is relevant to Kubernetes as containers depend on the host kernel.Microsoft said successful exploitation could support container breakout, multi-tenant compromise, and lateral movement in shared environments.The exploit does not require remote access once an attacker can run local code on a vulnerable system.Microsoft said successful exploitation can affect confidentiality and availability by giving the attacker full root access.
Public exploit research described the bug as deterministic, while Microsoft and CERT-EU said the flaw involves page-cache corruption rather than modification of the on-disk file.Microsoft has observed limited active exploitation so far, mainly in proof-of-concept testing.The US Cybersecurity and Infrastructure Security Agency added CVE-2026-31431 to its Known Exploited Vulnerabilities catalogue on May 1.CISA listed it as a Linux Kernel Incorrect Resource Transfer Between Spheres vulnerability.Patch priorities for cloud teamsMicrosoft recommended that organisations identify affected Linux systems and apply vendor patches where available.Security bulletins and patch information are available through the National Vulnerability Database entry for CVE-2026-31431.Where patches are not yet available, Microsoft said organisations should consider interim steps like disabling the affected feature, blocking AF_ALG socket creation, applying access controls, or using network isolation.In Kubernetes environments, remediation needs to cover the node operating system, not only application containers.
Microsoft advised organisations to patch or update Linux kernel packages, while AKS documentation notes that node OS security updates are managed separately from Kubernetes version upgrades.The company also advised customers to review logs for signs of exploitation.In container environments, Microsoft said any container remote code execution should be treated as a possible host compromise, with rapid node recycling after compromise indicators are found.Microsoft Defender XDR has added detections for activity linked to CVE-2026-31431.Microsoft listed coverage in Defender Antivirus, Defender for Endpoint, Defender for Cloud, and Microsoft Defender Vulnerability Management.The detections include exploit and behaviour signatures for Linux and Python-based activity associated with Copy Fail.
Defender Vulnerability Management can also surface devices that may be vulnerable to CVE-2026-31431 in customer environments.See also: AI data centre power demand shapes cloud growthWant to learn more about Cloud Computing from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.CloudTech News is powered by TechForge Media.Explore other upcoming enterprise technology events and webinars here.About the Author Muhammad ZulhusniJournalist As a tech journalist, Zul focuses on topics including cloud computing, cybersecurity, and disruptive technology in the enterprise industry.
He has expertise in moderating webinars and presenting content on video, in addition to having a background in networking technology.Related Modern transfer protocols evolving to protect cloud data30th April 2026 The last piece in the DC construction puzzle: Ongoing operations27th April 2026 Keppel starts work on floating data centre in Singapore27th April 2026 SpaceX, data centres in space, and commercial viability22nd April 2026 Modern transfer protocols evolving to protect cloud data30th April 2026 The last piece in the DC construction puzzle: Ongoing operations27th April 2026 Keppel starts work on floating data centre in Singapore27th April 2026 SpaceX, data centres in space, and commercial viability22nd April 2026 Join our CommunitySubscribe now to get all our premium content and latest tech news delivered straight to your inbox Click here Popular Cloud ROI & Cost, Interviews, Sponsored Content, Sustainable CloudRipple effect: Xylem’s sustainable water solutions for Europe’s data centres 20475 view(s)Cloud Computing, XaaS ModelsConcern over cloud storage security remains says Spiceworks – but good news for OneDrive 12613 view(s)Big Vendors, Cloud Computing, Cloud Cybersecurity, Market Intelligence, Security, Privacy & Trust10 real-life cloud security failures and what we can learn from them 6241 view(s)Big Vendors, Cloud Computing, Market Intelligence5 of the best: cloud technology training platforms 6092 view(s)Cloud ROI & Cost, Interviews, Sponsored Content, Sustainable CloudRipple effect: Xylem’s sustainable water solutions for Europe’s data centres 20475 view(s)Cloud Computing, XaaS ModelsConcern over cloud storage security remains says Spiceworks – but good news for OneDrive 12613 view(s)Big Vendors, Cloud Computing, Cloud Cybersecurity, Market Intelligence, Security, Privacy & Trust10 real-life cloud security failures and what we can learn from them 6241 view(s)Big Vendors, Cloud Computing, Market Intelligence5 of the best: cloud technology training platforms 6092 view(s) See all Latest View All Latest Sustainable Cloud27th April 2026Keppel starts work on floating data centre in Singapore Finance22nd April 2026SpaceX, data centres in space, and commercial viability AI & Cloud21st April 2026Amazon expands Anthropic partnership with $25 billion investment Sustainable Cloud27th April 2026Keppel starts work on floating data centre in Singapore Finance22nd April 2026SpaceX, data centres in space, and commercial viability AI & Cloud21st April 2026Amazon expands Anthropic partnership with $25 billion investment SubscribeAll our premium content and latest tech news delivered straight to your inbox Subscribe ExploreAbout UsContact UsNewsletterPrivacy PolicyCookie PolicyAbout UsContact UsNewsletterPrivacy PolicyCookie PolicyReach Our AudienceAdvertisePost a Press ReleaseContact UsAdvertisePost a Press ReleaseContact UsCategoriesCloud in ActionEditorial DeskFeaturesFuture of CloudIndustry PerspectivesMarket IntelligenceSecurity, Privacy & TrustTechnology StackStrategy & Decision-MakingAll CategoriesCloud in ActionEditorial DeskFeaturesFuture of CloudIndustry PerspectivesMarket IntelligenceSecurity, Privacy & TrustTechnology StackStrategy & Decision-MakingAll CategoriesOther PublicationsExplore AllAI NewsDeveloperIoT NewsMarketing TechTechHQTech Wire AsiaTelecomsExplore AllAI NewsDeveloperIoT NewsMarketing TechTechHQTech Wire AsiaTelecomsCloudTech News is part of TechForge SubscribeAll our premium content and latest tech news delivered straight to your inbox
Read More
