[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-ai-finds-nine-year-linux-kernel-zero-day-en":3,"tags-ai-finds-nine-year-linux-kernel-zero-day-en":34,"related-lang-ai-finds-nine-year-linux-kernel-zero-day-en":44,"related-posts-ai-finds-nine-year-linux-kernel-zero-day-en":48,"series-research-a78fe1fe-a228-4b8d-a223-ca013517d9e3":85},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":18,"translated_content":10,"views":19,"is_premium":20,"created_at":21,"updated_at":21,"cover_image":11,"published_at":22,"rewrite_status":23,"rewrite_error":10,"rewritten_from_id":24,"slug":25,"category":26,"related_article_id":27,"status":28,"google_indexed_at":29,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":30,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":20},"a78fe1fe-a228-4b8d-a223-ca013517d9e3","AI Finds Nine-Year Linux Kernel Zero-Day","\u003Cp data-speakable=\"summary\">AI tooling helped uncover Copy Fail, a Linux kernel zero-day that has existed since 2017.\u003C\u002Fp>\u003Cp>A vulnerability researcher at \u003Ca href=\"https:\u002F\u002Ftheori.io\" target=\"_blank\" rel=\"noopener\">Theori\u003C\u002Fa> found the bug in the Linux kernel, assigned as \u003Ca href=\"https:\u002F\u002Fwww.cve.org\u002FCVERecord?id=CVE-2026-31431\" target=\"_blank\" rel=\"noopener\">CVE-2026-31431\u003C\u002Fa>, and the details matter because this is a local flaw with root impact. The issue dates back to a 2017 optimization in authenticated encryption code, and the public write-up says the bug can be triggered on systems shipped since then.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Fact\u003C\u002Fth>\u003Cth>Value\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Bug nickname\u003C\u002Ftd>\u003Ctd>Copy Fail\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVE\u003C\u002Ftd>\u003Ctd>CVE-2026-31431\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Reported\u003C\u002Ftd>\u003Ctd>March 23, 2026\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVE assigned\u003C\u002Ftd>\u003Ctd>April 22, 2026\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Public disclosure\u003C\u002Ftd>\u003Ctd>April 29, 2026\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Severity\u003C\u002Ftd>\u003Ctd>CVSS 7.8\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>What Copy Fail actually does\u003C\u002Fh2>\u003Cp>Copy Fail is a logic bug in the Linux kernel’s authencesn cryptographic template. In plain English, it lets a local user with no special privileges trigger a controlled four-byte write into the page cache of a readable file.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1777950668583-4o4f.png\" alt=\"AI Finds Nine-Year Linux Kernel Zero-Day\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>That sounds small, but kernel bugs rarely stay small once an attacker can shape memory writes. The report says exploitation can lead to root access on affected Linux systems, and that the issue affects distributions shipped since 2017.\u003C\u002Fp>\u003Cul>\u003Cli>No network access is required\u003C\u002Fli>\u003Cli>No kernel debugging features are required\u003C\u002Fli>\u003Cli>No pre-installed exploit primitives are required\u003C\u002Fli>\u003Cli>Physical access and an unprivileged local account are still needed\u003C\u002Fli>\u003C\u002Ful>\u003Cp>That last detail matters. This is not a remote worm-style flaw that spreads across the internet on its own. It is a local privilege escalation path, which makes it especially relevant for shared machines, lab systems, developer workstations, and container hosts where \u003Ca href=\"\u002Fnews\u002Fai-models-2026-which-one-to-use-en\">one use\u003C\u002Fa>r account may be enough to start trouble.\u003C\u002Fp>\u003Ch2>How AI helped find a bug from 2017\u003C\u002Fh2>\u003Cp>Taeyang Lee, a vulnerability researcher at \u003Ca href=\"https:\u002F\u002Ftheori.io\" target=\"_blank\" rel=\"noopener\">Theori\u003C\u002Fa>, said he used \u003Ca href=\"https:\u002F\u002Fxint.io\" target=\"_blank\" rel=\"noopener\">Xint.io\u003C\u002Fa> and its source analysis tool \u003Ca href=\"https:\u002F\u002Fxint.io\" target=\"_blank\" rel=\"noopener\">Xint Code\u003C\u002Fa> to find the flaw. That detail matters because it shows where AI is already useful in security work: not writing exploits from scratch, but scanning large codebases for odd logic paths and missed assumptions.\u003C\u002Fp>\u003Cblockquote>“We found a vulnerability in the Linux kernel that can lead to root privileges,” said Taeyang Lee in Theori’s disclosure.\u003C\u002Fblockquote>\u003Cp>The timeline is tight. Lee reported the issue to the Linux kernel security team on March 23, the team started patching within days, and the CVE landed on April 22. Theori then published its disclosure seven days later, along with a proof-of-concept so defenders could test their own systems.\u003C\u002Fp>\u003Cp>That kind of response is what you want from a kernel security incident: fast triage, public tracking, and a patch that lands before the story drifts into rumor. It also shows why AI-assisted review is getting attention inside offensive security shops. If a tool can surface an old bug buried in a code path that has been live for years, it can save a lot of manual reading time.\u003C\u002Fp>\u003Ch2>Why this matters for Linux admins\u003C\u002Fh2>\u003Cp>The practical risk is highest in places where multiple users share a machine or where local access is easier to obtain than it should be. Think workstations with weak account separation, build servers, container clusters, and research environments.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1777950664769-b1n1.png\" alt=\"AI Finds Nine-Year Linux Kernel Zero-Day\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Theori says the patch is already available, and most major distributions have moved to fix it, including \u003Ca href=\"https:\u002F\u002Fwww.debian.org\" target=\"_blank\" rel=\"noopener\">Debian\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fubuntu.com\" target=\"_blank\" rel=\"noopener\">Ubuntu\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.suse.com\" target=\"_blank\" rel=\"noopener\">SUSE\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.redhat.com\" target=\"_blank\" rel=\"noopener\">Red Hat\u003C\u002Fa>. The researchers specifically told users to update to a kernel version that includes commit \u003Ca href=\"https:\u002F\u002Fgit.kernel.org\u002Fpub\u002Fscm\u002Flinux\u002Fkernel\u002Fgit\u002Ftorvalds\u002Flinux.git\u002Fcommit\u002F?id=a664bf3d603d\" target=\"_blank\" rel=\"noopener\">a664bf3d603d\u003C\u002Fa> from mainline.\u003C\u002Fp>\u003Cul>\u003Cli>Attack type: local privilege escalation\u003C\u002Fli>\u003Cli>Impact: possible root access\u003C\u002Fli>\u003Cli>Risk rating: CVSS 7.8\u003C\u002Fli>\u003Cli>Affected systems: Linux distributions shipped since 2017\u003C\u002Fli>\u003Cli>Fix: update to a kernel containing commit a664bf3d603d\u003C\u002Fli>\u003C\u002Ful>\u003Cp>If you run shared Linux infrastructure, the immediate task is simple: check vendor advisories, patch the kernel, and verify the fix on every host that allows local users. If you manage container platforms, treat this like a host-level issue, because containers do not help if the kernel underneath is vulnerable.\u003C\u002Fp>\u003Ch2>What this says about AI in vulnerability research\u003C\u002Fh2>\u003Cp>This story is a good reminder that AI is becoming useful in the parts of security work that involve reading huge amounts of code and spotting strange edge cases. Theori did not claim the tool magically invented a bug; it used AI-assisted analysis to surface something a human researcher could then validate.\u003C\u002Fp>\u003Cp>That distinction matters. Security teams should expect more findings like this, especially in mature codebases where old optimizations and compatibility fixes can hide for years. The real question is not whether AI will replace kernel researchers. It is whether teams will patch faster than the next local flaw gets found.\u003C\u002Fp>\u003Cp>For now, the actionable takeaway is straightforward: if your Linux fleet has not been updated recently, treat this as a priority patch and confirm the kernel build includes the upstream fix. The next interesting question is whether AI-guided review starts finding similar bugs in other long-lived subsystems before attackers do.\u003C\u002Fp>","A researcher used AI tooling to find Copy Fail, a Linux kernel zero-day present since 2017 and rated CVSS 7.8.","www.infosecurity-magazine.com","https:\u002F\u002Fwww.infosecurity-magazine.com\u002Fnews\u002Fzero-day-2017-linux-kernel\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1777950668583-4o4f.png",[13,14,15,16,17],"Linux kernel","zero-day","AI security","CVE-2026-31431","privilege escalation","en",0,false,"2026-05-05T03:10:39.09756+00:00","2026-05-05T03:10:39.083+00:00","done","8e110f3c-c4c4-418d-ac99-80e195336d32","ai-finds-nine-year-linux-kernel-zero-day-en","research","1fca21d0-9325-4d47-962e-760aba931ae2","published","2026-05-05T09:00:17.792+00:00",[31,32,33],"AI-assisted analysis helped uncover a Linux kernel zero-day that has existed since 2017.","Copy Fail can let a local user gain root access, making shared systems and hosts the main concern.","Most major distributions already have fixes, but admins still need to verify the patched kernel is installed.",[35,36,38,40,42],{"name":14,"slug":14},{"name":16,"slug":37},"cve-2026-31431",{"name":15,"slug":39},"ai-security",{"name":13,"slug":41},"linux-kernel",{"name":17,"slug":43},"privilege-escalation",{"id":27,"slug":45,"title":46,"language":47},"ai-finds-nine-year-linux-kernel-zero-day-zh","AI 找到 Linux 核心九年零日漏洞","zh",[49,55,61,67,73,79],{"id":50,"slug":51,"title":52,"cover_image":53,"image_url":53,"created_at":54,"category":26},"94994abd-e24d-4fd1-b941-942d03d19acf","turboquant-seo-shift-small-sites-en","TurboQuant and the SEO Shift for Small Sites","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778840455122-jfce.png","2026-05-15T10:20:28.134545+00:00",{"id":56,"slug":57,"title":58,"cover_image":59,"image_url":59,"created_at":60,"category":26},"670a7f69-911f-41e8-a18b-7d3491253a19","turboquant-vllm-comparison-fp8-kv-cache-en","TurboQuant vs FP8: vLLM’s first broad test","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778839858405-b5ao.png","2026-05-15T10:10:37.219158+00:00",{"id":62,"slug":63,"title":64,"cover_image":65,"image_url":65,"created_at":66,"category":26},"5aef1c57-961f-49f7-8277-f83f7336799a","llmbda-calculus-agent-safety-rules-en","LLMbda calculus gives agents safety rules","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778825459914-obkf.png","2026-05-15T06:10:36.242145+00:00",{"id":68,"slug":69,"title":70,"cover_image":71,"image_url":71,"created_at":72,"category":26},"712a0357-f7cd-48f2-adde-c2691da0815f","low-complexity-beamspace-denoiser-mmwave-mimo-en","A simpler beamspace denoiser for mmWave MIMO","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778814646705-e7mx.png","2026-05-15T03:10:31.764301+00:00",{"id":74,"slug":75,"title":76,"cover_image":77,"image_url":77,"created_at":78,"category":26},"f595f949-6ea1-4b0e-a632-f1832ef26e36","ai-benchmark-wins-cyber-scare-defenders-en","Why AI benchmark wins in cyber should scare defenders","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778807444539-gz7f.png","2026-05-15T01:10:30.04579+00:00",{"id":80,"slug":81,"title":82,"cover_image":83,"image_url":83,"created_at":84,"category":26},"3ad202d1-9e5f-49c5-8383-02fcf1a23cf2","why-linux-security-needs-patch-wave-mindset-en","Why Linux security needs a patch-wave mindset","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778741441493-ikl6.png","2026-05-14T06:50:25.906256+00:00",[86,91,96,101,106,111,116,121,126,131],{"id":87,"slug":88,"title":89,"created_at":90},"a2715e72-1fe8-41b3-abb1-d0cf1f710189","ai-predictions-2026-big-changes-en","AI Predictions for 2026: Brace for Big Changes","2026-03-26T01:25:07.788356+00:00",{"id":92,"slug":93,"title":94,"created_at":95},"8404bd7b-4c2f-4109-9ec4-baf29d88af2b","ml-papers-of-the-week-github-research-desk-en","ML Papers of the Week Turns GitHub Into a Research Desk","2026-03-27T01:11:39.480259+00:00",{"id":97,"slug":98,"title":99,"created_at":100},"87897a94-8065-4464-a016-1f23e89e17cc","ai-ml-conferences-to-watch-in-2026-en","AI\u002FML Conferences to Watch in 2026","2026-03-27T01:51:54.184108+00:00",{"id":102,"slug":103,"title":104,"created_at":105},"6f1987cf-25f3-47a4-b3e6-db0997695be8","openclaw-agents-manipulated-self-sabotage-en","OpenClaw Agents Can Be Manipulated Into Failure","2026-03-28T03:03:18.899465+00:00",{"id":107,"slug":108,"title":109,"created_at":110},"a53571ad-735a-4178-9f93-cb09b699d99c","vega-driving-language-instructions-en","Vega: Driving with Natural Language Instructions","2026-03-28T14:54:04.698882+00:00",{"id":112,"slug":113,"title":114,"created_at":115},"a34581d6-f36e-46da-88bb-582fb3e7425c","personalizing-autonomous-driving-styles-en","Drive My Way: Personalizing Autonomous Driving Styles","2026-03-28T14:54:26.148181+00:00",{"id":117,"slug":118,"title":119,"created_at":120},"2bc1ad7f-26ce-4f02-9885-803b35fd229d","training-knowledge-bases-writeback-rag-en","Training Knowledge Bases with WriteBack-RAG","2026-03-28T14:54:45.643433+00:00",{"id":122,"slug":123,"title":124,"created_at":125},"71adc507-3c54-4605-bbe2-c966acd6187e","packforcing-long-video-generation-en","PackForcing: Efficient Long-Video Generation Method","2026-03-28T14:55:02.646943+00:00",{"id":127,"slug":128,"title":129,"created_at":130},"675942ef-b9ec-4c5f-a997-381250b6eacb","pixelsmile-facial-expression-editing-en","PixelSmile Framework Enhances Facial Expression Editing","2026-03-28T14:55:20.633463+00:00",{"id":132,"slug":133,"title":134,"created_at":135},"6954fa2b-8b66-4839-884b-e46f89fa1bc3","adaptive-block-scaled-data-types-en","IF4: Smarter 4-Bit Quantization That Adapts to Your Data","2026-03-31T06:00:36.65963+00:00"]