A high-severity Linux kernel vulnerability (CVE-2026-23111) in nf_tables allows unprivileged users to escalate to root. Discovered by Exodus Intelligence, the bug stems from a single misplaced exclamation mark causing a use-after-free memory corruption.
Linux kernel's private security list is overwhelmed by duplicate bug reports from AI tools. Linus Torvalds announced a policy change requiring AI-found vulnerabilities to be treated as public disclosures, with reports sent directly to maintainers and human developers taking full legal responsibility for AI-generated code.
Security researchers from Theori released exploit code for CVE-2026-31431, a critical Linux kernel vulnerability allowing unprivileged users to gain root access. The flaw, named CopyFail, affects virtually all Linux distributions and works with a single Python script across Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12. The vulnerability stems from a logic flaw in the kernel's crypto API, not race conditions or memory corruption, making it highly reliable. Private disclosure occurred five weeks prior, but most distributions had not patched when the exploit went public.
