[重要安全性通知] 发现假冒 Qfinder Pro 网站。了解详情 >

安全ID : QSA-26-16

Local Privilege Escalation Vulnerability in Linux Kernel (Copy Fail)


  • 发布日期 : May 2, 2026

  • 通用漏洞披露 : CVE-2026-31431

  • 未受影响产品:
    All QNAP x86-based NAS
    All QuTS hero NAS models
    QNAP ARM-based NAS running QTS 4.x (these utilize older kernel versions).
    QNAP ARM-based NAS running kernel versions other than 5.10.

  • 受影响产品:
    QTS on specific QNAP ARM64 NAS models running Kernel 5.10

严重程度

Moderate

状态

已解决


Summary
A local privilege escalation vulnerability, commonly known as "Copy Fail", has been reported to affect the Linux kernel. If exploited, this vulnerability could allow an authenticated, non-administrator user with code execution capabilities to obtain elevated system privileges.

This vulnerability specifically affects systems that meet both of the following criteria:

  1. Architecture: ARM64 .
  2. Kernel Version: Linux Kernel 5.10.

QNAP is currently investigating the issue and developing security updates. This advisory will be updated as soon as fixes are available.

Affected Products
The following operating system versions are affected:

  • QTS on specific QNAP ARM64 NAS models running Kernel 5.10 

To verify your NAS architecture and kernel version, please log in to QTS or check the technical specifications for your model at: https://www.qnap.com/go/release-notes/kernel

Products Not Affected

The following products and configurations are not impacted by this vulnerability:

  • All QNAP x86-based NAS 
  • All QuTS hero NAS models 
  • QNAP ARM-based NAS running QTS 4.x (these utilize older kernel versions).
  • QNAP ARM-based NAS running kernel versions other than 5.10.

Recommendation

The security vulnerability has been successfully patched. Please download and install the latest firmware to ensure your device remains secure.

修订历史:
V1.0 (May 2, 2026) - Published
V1.1 (May 25, 2026) - Change status to "Resolved"

选择规格

      显示更多 隐藏更多
      open menu
      back to top