Linux Kernel權限提升漏洞

發佈日期: 2026年05月04日

風險: 中度風險

類型: 操作系統 - LINUX

於 Linux Kernel 發現一個漏洞。本地攻擊者可利用這個漏洞，於目標系統觸發權限提升。

 

注意:

CVE-2026-31431 正在被廣泛利用。Copy Fail（CVE-2026-31431）是 Linux 核心中 authencesn 密碼學範本的一項邏輯漏洞。此漏洞可能使未具特權的本機使用者，對系統上任何可讀取檔案的頁面快取執行可控的四位元組寫入。對於自 2017 年起發佈的受影響 Linux 發行版而言，此問題可能導致本機權限提升，包括取得 root 權限。

---

影響

• 權限提升

---

受影響之系統或技術

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html
• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html
• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

漏洞識別碼

• CVE-2026-31431

---

資料來源

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html
• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

相關連結

• https://ubuntu.com/security/CVE-2026-31431
• https://security-tracker.debian.org/tracker/CVE-2026-31431
• https://access.redhat.com/security/cve/cve-2026-31431
• https://www.suse.com/security/cve/CVE-2026-31431.html
• https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• https://security.archlinux.org/CVE-2026-31431
• https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431
• https://copy.fail/
• https://xint.io/blog/copy-fail-linux-distributions
• https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
• 
  

Linux Kernel Elevation of Privilege Vulnerability

Release Date: 4 May 2026

RISK: Medium Risk

TYPE: Operating Systems - Linux

A vulnerability was identified in Linux Kernel. A local attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system.

 

Note: 

CVE-2026-31431 is being exploited in the wild. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.

---

Impact

• Elevation of Privilege

---

System / Technologies affected

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html

• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html
• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

Vulnerability Identifier

• CVE-2026-31431

---

Source

• Ubuntu: https://ubuntu.com/security/CVE-2026-31431
• Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
• Red Hat: https://access.redhat.com/security/cve/cve-2026-31431
• SUSE: https://www.suse.com/security/cve/CVE-2026-31431.html
• Amazon:https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• Arch：https://security.archlinux.org/CVE-2026-31431
• AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• Cloudlinux: https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

---

Related Link

• https://ubuntu.com/security/CVE-2026-31431
• https://security-tracker.debian.org/tracker/CVE-2026-31431
• https://access.redhat.com/security/cve/cve-2026-31431
• https://www.suse.com/security/cve/CVE-2026-31431.html
• https://explore.alas.aws.amazon.com/CVE-2026-31431.html
• https://security.archlinux.org/CVE-2026-31431
• https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
• https://blog.cloudlinux.com/cve-2026-31431-copy-fail-mitigation-and-patches
• https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431
• https://copy.fail/
• https://xint.io/blog/copy-fail-linux-distributions
• https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog

Microsoft Edge 多個漏洞

發佈日期: 2026年05月04日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、繞過保安限制、資料篡改及洩露敏感資料。

---

影響

• 資料洩露
• 繞過保安限制
• 遠端執行程式碼
• 阻斷服務
• 篡改

---

受影響之系統或技術

• Microsoft Edge 147.0.3912.98 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 147.0.3912.98 或之後版本

---

漏洞識別碼

• CVE-2026-7333
• CVE-2026-7334
• CVE-2026-7335
• CVE-2026-7336
• CVE-2026-7337
• CVE-2026-7338
• CVE-2026-7339
• CVE-2026-7340
• CVE-2026-7341
• CVE-2026-7343
• CVE-2026-7344
• CVE-2026-7345
• CVE-2026-7346
• CVE-2026-7347
• CVE-2026-7348
• CVE-2026-7349
• CVE-2026-7350
• CVE-2026-7351
• CVE-2026-7353
• CVE-2026-7354
• CVE-2026-7355
• CVE-2026-7356
• CVE-2026-7357
• CVE-2026-7358
• CVE-2026-7359
• CVE-2026-7360
• CVE-2026-7363

---

資料來源

• Microsoft Edge

---

相關連結

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7333
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7334
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7335
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7336
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7337
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7338
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7339
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7340
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7341
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7343
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7344
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7345
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7346
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7347
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7348
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7349
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7350
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7351
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7353
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7354
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7355
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7356
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7357
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7358
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7359
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7360
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7363
• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-30-2026

Microsoft Edge Multiple Vulnerabilities

Release Date: 4 May 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass, data manipulation and sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure
• Security Restriction Bypass
• Remote Code Execution
• Denial of Service
• Data Manipulation

---

System / Technologies affected

• Microsoft Edge version prior to 147.0.3912.98

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 147.0.3912.98 or later

---

Vulnerability Identifier

• CVE-2026-7333
• CVE-2026-7334
• CVE-2026-7335
• CVE-2026-7336
• CVE-2026-7337
• CVE-2026-7338
• CVE-2026-7339
• CVE-2026-7340
• CVE-2026-7341
• CVE-2026-7343
• CVE-2026-7344
• CVE-2026-7345
• CVE-2026-7346
• CVE-2026-7347
• CVE-2026-7348
• CVE-2026-7349
• CVE-2026-7350
• CVE-2026-7351
• CVE-2026-7353
• CVE-2026-7354
• CVE-2026-7355
• CVE-2026-7356
• CVE-2026-7357
• CVE-2026-7358
• CVE-2026-7359
• CVE-2026-7360
• CVE-2026-7363

---

Source

• Microsoft Edge

---

Related Link

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7333
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7334
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7335
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7336
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7337
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7338
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7339
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7340
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7341
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7343
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7344
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7345
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7346
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7347
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7348
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7349
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7350
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7351
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7353
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7354
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7355
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7356
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7357
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7358
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7359
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7360
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7363
• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-30-2026

Mozilla Thunderbird 多個漏洞

發佈日期: 2026年05月04日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla Thunderbird 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發敏感資料洩露、遠端執行任意程式碼及繞過保安限制。

 

---

影響

• 遠端執行程式碼
• 繞過保安限制
• 資料洩露

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Thunderbird 140.10.1
• Thunderbird 150.0.1

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Thunderbird 140.10.1
• Thunderbird 150.0.1

 

---

漏洞識別碼

• CVE-2026-7320
• CVE-2026-7321
• CVE-2026-7322
• CVE-2026-7323
• CVE-2026-7324

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-38/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/

Mozilla Thunderbird Multiple Vulnerabilities

Release Date: 4 May 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Thunderbird.  A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, remote code execution and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

Versions prior to:

 

• Thunderbird 140.10.1
• Thunderbird 150.0.1

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Thunderbird 140.10.1
• Thunderbird 150.0.1

---

Vulnerability Identifier

• CVE-2026-7320
• CVE-2026-7321
• CVE-2026-7322
• CVE-2026-7323
• CVE-2026-7324

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-38/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/

QNAP NAS 權限提升漏洞

發佈日期: 2026年05月04日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 QNAP NAS 發現一個漏洞。本地攻擊者可利用這個漏洞，於目標系統觸發權限提升。

 

注意:

CVE-2026-31431 正在被廣泛利用。一項稱為 「Copy Fail」 的本機權限提升漏洞，會影響 Linux 核心。如果被利用，此漏洞可能允許經過身份驗證、具有程式碼執行功能的非管理員使用者獲得提升的系統權限。

---

影響

• 權限提升

---

受影響之系統或技術

• QTS on specific QNAP ARM64 NAS models running Kernel 5.10

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.qnap.com/en/security-advisory/qsa-26-16

---

漏洞識別碼

• CVE-2026-31431

---

資料來源

• QNAP

---

相關連結

• https://www.qnap.com/en/security-advisory/qsa-26-16

QNAP NAS Elevation of Privilege Vulnerability

Release Date: 4 May 2026

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability was identified in QNAP NAS. A local attacker can exploit this vulnerability to trigger elevation of privilege on the targeted system.

 

Note: 

CVE-2026-31431 is being exploited in the wild. A local privilege escalation vulnerability, commonly known as "Copy Fail", has been reported to affect the Linux kernel. If exploited, this vulnerability could allow an authenticated, non-administrator user with code execution capabilities to obtain elevated system privileges.

---

Impact

• Elevation of Privilege

---

System / Technologies affected

• QTS on specific QNAP ARM64 NAS models running Kernel 5.10

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.qnap.com/en/security-advisory/qsa-26-16

---

Vulnerability Identifier

• CVE-2026-31431

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-26-16