https://lazzarotto.dev/blog/en/tags/ansible/Recent content in Ansible on Marco LazzarottoHugoen-uspostmaster@mlazzarotto.it (Marco Lazzarotto)postmaster@mlazzarotto.it (Marco Lazzarotto)Marco LazzarottoFri, 01 May 2026 00:00:00 +0100https://lazzarotto.dev/blog/en/mitigating-the-copy-fail-vulnerability-cve-2026-31431-with-a-simple-ansible-playbook/Fri, 01 May 2026 00:00:00 +0100postmaster@mlazzarotto.it (Marco Lazzarotto)https://lazzarotto.dev/blog/en/mitigating-the-copy-fail-vulnerability-cve-2026-31431-with-a-simple-ansible-playbook/<p><a class="link" href="https://github.com/mlazzarotto/copy-fail-CVE-2026-31431-mitigation-ansible-playbook" target="_blank" rel="noopener" >Direct link to the Github repo</a></p> <h2 id="in-a-nutshell-theres-a-new-critical-linux-bug-going-around">In a nutshell: there&rsquo;s a new critical Linux bug going around </h2><p><a class="link" href="https://copy.fail/" target="_blank" rel="noopener" >&lsquo;Copy Fail&rsquo;</a> is a new and nasty local privilege escalation bug, <a class="link" href="https://cert.europa.eu/publications/security-advisories/2026-005/" target="_blank" rel="noopener" >CVE-2026-31431</a>, discovered by the analyst team at <a class="link" href="https://xint.io/products/xint-code" target="_blank" rel="noopener" >Xint Code</a>.</p> <p>This bug essentially allows an attacker to gain <em>root</em> privileges on many Linux operating systems (Ubuntu, Debian, RHEL, Suse, Alma, Amazon Linux) using a Python script of just 732 bytes.</p> <p>&lsquo;Copy Fail&rsquo; only requires a local unprivileged user account: no network access, no kernel debug capabilities, no pre-installed libraries. The kernel&rsquo;s cryptographic API (AF_ALG) is enabled by default on virtually all major distributions, meaning the entire patch range from 2017 onward is vulnerable.</p>