Ubuntu, SUSE, Amazon Linux, and Red Hat walked into a bar that only Linux distros can get into. They sat around talking about the bulletproof kernel code they all shared. But then, out of nowhere, a 732-byte Python script penetrated the back door and beat them all to death with a baseball bat.

Last week, a 100% reliable logic flaw was discovered in the heart of the Linux kernel. It had been sitting there quietly since 2017 until an AI scanning tool surfaced the issue, wrote an exploit, and even designed a fancy website for it. And it affects basically every Linux machine on planet Earth, or at least every machine updated since 2017. That means if you run a Linux server, or you're one of the top 3% of
absolute units who run Linux on desktop, you need to update your stuff like yesterday. Any script kiddie who watched this video I made a few weeks ago can easily take control of your machine with tools like Metasploit. It's no joke. CrowdStrike has already confirmed that attackers are using this script in the wild, and CISA has already put it on the notorious KEV list, aka Known Exploited Vulnerabilities. In today's video, we'll look at the technical details behind Copy Fail, CVE-2026-31431, and find out why Linux sucks and you should only ever use Microsoft Windows. It is May 4th, 2026, and you're watching The Code Report.

Personally, I love Linux, but my private equity Illuminati
handlers want me to tell you it sucks in order to control the narrative and sell more copies of Windows. What's kind of crazy, though, is that the going rate for a universal Linux privilege escalation on the gray market is somewhere between $10,000 and $7 million, and that's based on Crowdfense bounty pricing. But a few days ago, an AI agent found one in about an hour of scan time. And Theori, the company behind this AI-powered hacker, dropped the proof of concept on the public internet for free. The exploit targets the Linux kernel directly, and it's such a big deal, they gave it its own fancy website. At first, people were skeptical that it was just some overblown AI slop, but it was later confirmed by the Linux
kernel team and was traced back to a few normal-looking commits from 2015 and 2017. But the scariest thing is that every Linux distro is affected. Debian, Arch, Red Hat, you name it. If it has kernel code after 2017, it needs to be updated right now.

But now, let's find out how it actually works. Well, to understand it, let's take a look at the raw exploit code in this tiny Python script. What this code can do is allow an unprivileged local user to write four uncontrolled bytes into the page cache of any readable file on a Linux system and use it to gain root access. What you'll notice is that the code relies on something in Linux called authencesn, which means authentication encryption extended
sequence numbers. We don't need to understand what this thing does, but the important part is that it lives behind Linux's AF_ALG interface, which exposes kernel crypto algorithms to user space. But authencesn has this weird internal behavior where it writes four bytes of scratch data into what it thinks is a crypto output buffer, but because of a bug in the AF_ALG splice function, that output buffer can accidentally point into the page cache of a read-only file. Like in this Python script, it points to the read-only su file. And that's really bad because su is on every Linux distro and allows you to run a command as a root user.

The good news, though, is that Copy Fail is not remotely exploitable, which
means to run it, you would have to be a regular user on a Linux machine, or the attacker would have to gain a foothold on the system through SSH or some other compromised application. That means your Arch-based laptop is probably safe, but it'd still be a good idea to patch it anyway.

What's crazier than the exploit itself, though, is how it was discovered. Like I mentioned, it was discovered by an AI agent, and basically they just gave it a prompt that said "splice can deliver page cache references of read-only files to crypto TX scatterlists, could go look." And it only took 1 hour of scan time to completely bork every Linux machine on planet Earth.
These AI hackers are teaching us that now more than ever our AI coding agents need to be writing the best quality slop possible. And one tool that can help you do that is CodeRabbit, the sponsor of today's video. They just launched a CodeRabbit agent for Slack, which gives your team an agent for managing your entire development workflow right inside your Slack channels. You start by connecting your team's tools like GitHub and Sentry, then bundle them into a scope to provide operating context for your agent. Then you can @mention CodeRabbit in any Slack channel whenever something comes up, and it'll pull the relevant traces to find the issue, open a pull request with the fix, and notify
you when it's finished without you ever needing to leave Slack. It also adds every decision and pull request to your team's knowledge base so the agent can get smarter about your team's workflow over time. So try it out for free at the link below and you'll get an extra $50 in free credits.

This has been The Code Report. Thanks for watching, and I will see you in the next one.