티오리, 리눅스 커널 취약점 'Copy Fail' 발견

티오리, 리눅스 커널 취약점 'Copy Fail' 발견

South Korean cybersecurity startup 티오리 disclosed a high-severity Linux kernel vulnerability, dubbed 'Copy Fail' (CVE-2026-31431), that allows local users to gain root privileges. The bug arises from a logic flaw in the kernel's cryptographic module that mishandles page cache data, enabling memory-only tampering without altering disk files—making forensic detection difficult. 티오리 identified the flaw in about one hour using its AI-powered code analysis tool, Xint Code, and collaborated with the Linux kernel security team on a patch. Affected distributions include Ubuntu, Amazon Linux, RHEL, and SUSE kernels post-2017.

Why it matters: This event signals a new paradigm in vulnerability research: AI-assisted code analysis is compressing discovery timelines from weeks to hours, especially in complex, low-level systems like the Linux kernel. 티오리's Xint Code exemplifies how specialized AI tools can augment human expertise to surface logic errors that static analysis and manual review might miss. The 'Copy Fail' bug also highlights how memory-only attacks can bypass traditional file integrity checks, raising the bar for security monitoring in cloud and container environments where page cache is shared across tenants.

Expert take: The discovery underscores a broader substrate shift: AI is becoming a dual-use capability in cybersecurity—enabling both offense (automated exploit generation) and defense (faster vulnerability discovery). 티오리, a relatively small player in the security AI segment, has demonstrated that domain-specific AI models can compete with large labs in finding critical flaws. This validates the 'context-engineering moat' pattern where specialized data and expert feedback loops create defensible tools. For enterprise buyers, this accelerates the need to adopt AI-driven security posture management, as attackers will inevitably leverage similar capabilities.

#Linux #Security #AI #Vulnerability #티오리 #Cybersecurity #Kernel #CVE