VYPR
advisoryPublished Jul 14, 2026· 1 source

Linux Kernel Vulnerability CVE-2026-31431 Exposes ABB Ability Edgenius to Root Privilege Escalation

A critical Linux kernel vulnerability, CVE-2026-31431, known as 'Copy Fail,' allows local authenticated users or compromised containers to gain root privileges on affected ABB Ability Edgenius systems.

ABB has issued a security advisory detailing a critical vulnerability, CVE-2026-31431, affecting multiple versions of its ABB Ability Edgenius platform. This flaw, originating in the Linux kernel's cryptographic subsystem, could allow a locally authenticated user or a compromised container workload to escalate privileges to root, granting complete control over the affected system.

The vulnerability, dubbed 'Copy Fail,' stems from an incorrect 'in-place operation' within the Linux kernel's algif_aead cryptographic algorithm interface. This flaw can lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications. Successful exploitation requires local code execution, but in shared, containerized, or multi-tenant environments, this risk is amplified.

Specifically, ABB Ability Edgenius versions prior to 3.2.4.1 are vulnerable when installed on ABB Ability Edgenius Gateway (bE100 and E3100C models) and ABB Ability Edgenius Server (vE1000). The Common Vulnerability Scoring System (CVSS) v3.1 base score for this vulnerability is 7.8 (HIGH), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a significant risk.

ABB Ability Edgenius is an edge computing platform designed to connect to control systems, collect operational data, and host applications that provide real-time insights and AI-driven recommendations, particularly within critical infrastructure sectors like critical manufacturing. The platform is deployed worldwide, with ABB's headquarters located in Switzerland.

To mitigate the risk, ABB has released version 3.2.4.1 of ABB Ability Edgenius, which incorporates the necessary Linux kernel security update. The company strongly recommends that customers apply this update at their earliest convenience. While no additional lower-privilege users are present on Edgenius installations by default, ABB also advises limiting access to SSH or cockpit as a general security recommendation.

ABB PSIRT reported this vulnerability to CISA, and it has been publicly disclosed. At the time of the advisory's issuance, ABB had not received any reports of this vulnerability being actively exploited in the wild on Edgenius products. However, the nature of the vulnerability, allowing for full system control, makes it a prime target for malicious actors.

Successful exploitation could enable a local attacker to gain administrative control, execute arbitrary code, or cause the system node to become unavailable. The vulnerability requires local access, meaning an attacker would need physical access or valid credentials (like SSH access) to exploit it. Despite the local access requirement, the potential for complete system compromise underscores the urgency of applying the available patch.

This advisory highlights the ongoing challenge of securing industrial control systems and edge computing platforms, which often rely on underlying operating system components like the Linux kernel. Vulnerabilities in these foundational elements can have far-reaching consequences, especially in critical infrastructure environments where system availability and data integrity are paramount.

Synthesized by Vypr AI