A newly discovered vulnerability affecting most major Linux distributions since 2017 poses a potential security risk to the cryptocurrency sector. Dubbed “Copy Fail,” the flaw allows attackers to gain root access with a small Python script if they have initial entry to a system. The U.S. Cybersecurity and Infrastructure Agency (CISA) has warned the bug presents significant risks, adding it to its Known Exploited Vulnerabilities catalog.
A severe vulnerability could impact most open-source major Linux distributions released since 2017. The U.S. Cybersecurity and Infrastructure Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog, warning it poses significant risks to federal systems.
The vulnerability allows attackers to gain root access across many Linux systems using a 732-byte Python script. Researcher Miguel Angel Duran said it only requires “10 lines of Python” to access root permissions on affected systems.
Duran stated, “This Linux vulnerability is insane.” Linux is widely used by cryptocurrency exchanges, blockchain nodes, and custodial services for its security and efficiency.
Xint Code said the flaw is a trivially exploitable logic bug reachable on all major distributions from the last nine years. The group stated, “A small, portable python script gets root on all platforms.”
Theori CEO Brian Pak said he reported the vulnerability privately to the Linux kernel security team on March 23. Pak noted that patches landed in the mainline code on April 1, with a public disclosure following on April 29.
