Analyzing CVE-2026-31431: How Rootless Podman Containers Mitigate the "Copy Fail" Privilege Escalation
By Andrea Veri
Summary
A technical deep-dive into CVE-2026-31431 ("Copy Fail"), a Linux kernel vulnerability. The author documents setting up a lab to run the exploit, disassemble the shellcode, trace it at the syscall level, and verify that rootless Podman containers (deployed on GNOME's GitLab runners) successfully contain the privilege escalation attempt. The post demonstrates how per-job VM isolation and rootless container architectures mitigate this vulnerability.
Key quotes
I spent the weekend setting up a lab to actually run the exploit, trace it at the syscall level, and verify that the rootless Podman architecture we deploy on GNOME's runners would contain it.
This post documents the entire process: from disassembling the shellcode to watching the kernel reject the privilege escalation in real time.
In the previous post about SELinux MCS and GitLab runners, I briefly mentioned CVE-2026-31431 ('Copy Fail') as a motivating example for per-job VM isolation.