Recently, a vulnerability called Copy Fail (CVE-2026-31431) was disclosed. This allows an unprivileged local user to exploit a flaw in the Linux kernel to gain root privileges or escape containers. A PoC has already been published, making it exploitable by anyone.
While this has been fixed in recent kernel releases, it seems it hasn’t reached Manjaro’s stable branch yet. For example, the version of linux618 in stable is v6.18.18, which is older than v6.18.22 where the patch was merged.
Around when will this fix be integrated into stable?
Hopefully someone will be able to expand on this further, but it seems 6.18.25-1 is in testing currently, so the next kernel update should fix it (but someone on the inside will need to say when that might be).
The severity isn’t as high as it might sound. A system would generally need to be compromised first for this to be exploited (unless full user access has already been granted).
Nonetheless, the fix should arrive in the next stable update coming to a repo near you.
IMHO this line of thought is always problematic, as it is at least forgetting multi-user systems, where there is always a reason to not let users gain root privileges.
Security vulnerabilities need patching/closing ASAP.
edit: Mitigations are known - one can apply them if deemed necessary until an update is available.
Before you can patch: disable the algif_aead module.
I verified that in my use case the vulnerability could not be activated against my systems. But, being the impatient type, I also installed LINUX7 so I am covered anyway. And I have not, so far, found any problems with the 7 rc. If anyone is equally or more impatient, they have this option.
This is true, UNIX is a multi-user system. I have used UNIX in a multi-user environment throughout my life, even professionally on large networks.
Trying to lock down the OS from the user level, assuming your systems are bug free, is a very hard thing to do. You basically have to start by removing users’ ability to do most things, to be truly safe.
Linux has a reputation for being a secure operating system, but that reputation has its limits. A knowledgeable attacker with nothing more than an unprivileged shell can often find a path to escalated privileges. Most modern security efforts remain focused outward, on keeping external threats at bay. Many security experts consider an unprivileged shell already compromised.
In multi-user environments, there is typically an implicit level of trust among users. (You try to circumvent our security, and you're fired!) More critically, these systems almost always authenticate against a centralised authority, with every service tied to that single source of truth. The entire operating system is configured with this architecture in mind, which is notably not the case with a default Manjaro installation.
There were even free “shell” accounts around here back in the 90s and 2000s. You got free Internet (through lynx), called FreeNet. /usr/bin/lynx was actually the shell configured in /etc/passwd. Secure, right?
Oh, the things I could do back then... I miss the wide-open Internet.
If you are part of a multi-user system running on the Manjaro stable branch and kernel 6.18.18, consider informing the administrator responsible for the server you are connecting to.
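The mitigation mentioned in the thread (disabling the algif_aead module until a patched kernel arrives), as an added example that is not part of any post: a small check of whether loading the module is actually blocked and whether it is still in memory. The function names, status words and the .conf file name in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether loading of algif_aead is blocked.
# File and directory arguments default to the live system locations.

# 0 if algif_aead is listed in a /proc/modules-style file.
module_loaded() {
    grep -q '^algif_aead ' "${1:-/proc/modules}" 2>/dev/null
}

# 0 if a *.conf file in the directory carries an "install" override that
# replaces loading with /bin/false or /bin/true. A "blacklist" line is
# deliberately not counted: it only disables alias matching, and an
# explicit "modprobe algif_aead" still succeeds.
load_blocked() {
    dir="${1:-/etc/modprobe.d}"
    cat "$dir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+algif[-_]aead[[:space:]]+(/usr)?/bin/(false|true)'
}

# Prints: not-blocked | blocked-but-loaded | blocked
mitigation_status() {
    if ! load_blocked "$2"; then
        echo "not-blocked"
    elif module_loaded "$1"; then
        echo "blocked-but-loaded"   # rule exists, module still in memory
    else
        echo "blocked"
    fi
}

# To apply as root (the .conf file name is a placeholder):
#   echo 'install algif_aead /bin/false' > /etc/modprobe.d/disable-algif-aead.conf
#   rmmod algif_aead    # only needed if the module is already loaded
mitigation_status "$@"
```

The check reads a single directory; modprobe also honours /usr/lib/modprobe.d and /run/modprobe.d, which can be passed as the second argument.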