automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit e8bb3cd5fbaa · 2026-04-30T22:30:05.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -92250,6 +92250,60 @@
     "needs_cleanup": true,
     "actions": []
   },
+  "exploit_linux/local/cve_2026_31431_copy_fail": {
+    "name": "Copy Fail AF_ALG + authencesn Page-Cache Write",
+    "fullname": "exploit/linux/local/cve_2026_31431_copy_fail",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2026-04-29",
+    "type": "exploit",
+    "author": [
+      "Xint Code",
+      "rootsecdev",
+      "Spencer McIntyre",
+      "Diego Ledda"
+    ],
+    "description": "CVE-2026-31431 is a logic flaw in the Linux kernel's authencesn AEAD template that, when reached via the\n          AF_ALG socket interface combined with splice(), allows an unprivileged local user to perform a controlled\n          4-byte write into the page cache of any readable file. Because the corrupted pages are never marked dirty, the\n          on-disk file is unchanged but the in-memory version is immediately visible system-wide, enabling local\n          privilege escalation by injecting shellcode into the page cache of a setuid-root binary such as /usr/bin/su.\n          The vulnerability was introduced by an in-place optimization in algif_aead.c (commit 72548b093ee3, 2017) and\n          affects essentially all major Linux distributions shipped since then until the fix in commit a664bf3d603d.",
+    "references": [
+      "CVE-2026-31431",
+      "URL-https://copy.fail/",
+      "URL-https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py",
+      "URL-https://github.com/rootsecdev/cve_2026_31431"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": [
+      "Linux Command"
+    ],
+    "mod_time": "2026-04-30 17:51:30 +0000",
+    "path": "/modules/exploits/linux/local/cve_2026_31431_copy_fail.rb",
+    "is_install_path": true,
+    "ref_name": "linux/local/cve_2026_31431_copy_fail",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "AKA": [
+        "Copy Fail"
+      ],
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": []
+    },
+    "session_types": [
+      "shell",
+      "meterpreter"
+    ],
+    "needs_cleanup": null,
+    "actions": []
+  },
   "exploit_linux/local/desktop_privilege_escalation": {
     "name": "Desktop Linux Password Stealer and Privilege Escalation",
     "fullname": "exploit/linux/local/desktop_privilege_escalation",
@@ -213253,6 +213307,40 @@
     "adapted_refname": "linux/aarch64/chmod",
     "staged": false
   },
+  "payload_cmd/linux/http/aarch64/exec": {
+    "name": "HTTP Fetch, Linux Execute Command",
+    "fullname": "payload/cmd/linux/http/aarch64/exec",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "payload",
+    "author": [
+      "Brendan Watters",
+      "Spencer McIntyre"
+    ],
+    "description": "Fetch and execute an AARCH64 payload from an HTTP server.\nExecute an arbitrary command or just a /bin/sh shell",
+    "references": [],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2025-01-30 13:51:05 +0000",
+    "path": "/modules/payloads/adapters/cmd/linux/http/aarch64.rb",
+    "is_install_path": true,
+    "ref_name": "cmd/linux/http/aarch64/exec",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {},
+    "session_types": false,
+    "needs_cleanup": false,
+    "payload_type": 8,
+    "adapter_refname": "cmd/linux/http/aarch64",
+    "adapted_refname": "linux/aarch64/exec",
+    "staged": false
+  },
   "payload_cmd/linux/http/aarch64/meterpreter/reverse_tcp": {
     "name": "HTTP Fetch, Reverse TCP Stager",
     "fullname": "payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp",
@@ -217580,6 +217668,40 @@
     "adapted_refname": "linux/aarch64/chmod",
     "staged": false
   },
+  "payload_cmd/linux/https/aarch64/exec": {
+    "name": "HTTPS Fetch, Linux Execute Command",
+    "fullname": "payload/cmd/linux/https/aarch64/exec",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "payload",
+    "author": [
+      "Brendan Watters",
+      "Spencer McIntyre"
+    ],
+    "description": "Fetch and execute an AARCH64 payload from an HTTPS server.\nExecute an arbitrary command or just a /bin/sh shell",
+    "references": [],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2025-01-30 13:51:05 +0000",
+    "path": "/modules/payloads/adapters/cmd/linux/https/aarch64.rb",
+    "is_install_path": true,
+    "ref_name": "cmd/linux/https/aarch64/exec",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {},
+    "session_types": false,
+    "needs_cleanup": false,
+    "payload_type": 8,
+    "adapter_refname": "cmd/linux/https/aarch64",
+    "adapted_refname": "linux/aarch64/exec",
+    "staged": false
+  },
   "payload_cmd/linux/https/aarch64/meterpreter/reverse_tcp": {
     "name": "HTTPS Fetch, Reverse TCP Stager",
     "fullname": "payload/cmd/linux/https/aarch64/meterpreter/reverse_tcp",
@@ -221907,6 +222029,40 @@
     "adapted_refname": "linux/aarch64/chmod",
     "staged": false
   },
+  "payload_cmd/linux/tftp/aarch64/exec": {
+    "name": "TFTP Fetch, Linux Execute Command",
+    "fullname": "payload/cmd/linux/tftp/aarch64/exec",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "payload",
+    "author": [
+      "Brendan Watters",
+      "Spencer McIntyre"
+    ],
+    "description": "Fetch and execute an AARCH64 payload from a TFTP server.\nExecute an arbitrary command or just a /bin/sh shell",
+    "references": [],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2025-01-30 13:51:05 +0000",
+    "path": "/modules/payloads/adapters/cmd/linux/tftp/aarch64.rb",
+    "is_install_path": true,
+    "ref_name": "cmd/linux/tftp/aarch64/exec",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {},
+    "session_types": false,
+    "needs_cleanup": false,
+    "payload_type": 8,
+    "adapter_refname": "cmd/linux/tftp/aarch64",
+    "adapted_refname": "linux/aarch64/exec",
+    "staged": false
+  },
   "payload_cmd/linux/tftp/aarch64/meterpreter/reverse_tcp": {
     "name": "TFTP Fetch, Reverse TCP Stager",
     "fullname": "payload/cmd/linux/tftp/aarch64/meterpreter/reverse_tcp",
@@ -271561,6 +271717,37 @@
     "payload_type": 1,
     "staged": false
   },
+  "payload_linux/aarch64/exec": {
+    "name": "Linux Execute Command",
+    "fullname": "payload/linux/aarch64/exec",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "payload",
+    "author": [
+      "Spencer McIntyre"
+    ],
+    "description": "Execute an arbitrary command or just a /bin/sh shell",
+    "references": [],
+    "platform": "Linux",
+    "arch": "aarch64",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2026-04-30 15:55:14 +0000",
+    "path": "/modules/payloads/singles/linux/aarch64/exec.rb",
+    "is_install_path": true,
+    "ref_name": "linux/aarch64/exec",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {},
+    "session_types": false,
+    "needs_cleanup": false,
+    "payload_type": 1,
+    "staged": false
+  },
   "payload_linux/aarch64/meterpreter/reverse_tcp": {
     "name": "Linux Meterpreter, Reverse TCP Stager",
     "fullname": "payload/linux/aarch64/meterpreter/reverse_tcp",
