We are aware of the reported global cybersecurity incident involving Instructure, the vendor behind Canvas (Bruin Learn and UCLA Extension Canvas). We are actively monitoring vendor updates and assessing any potential impact to UCLA services.

At this time, UCLA has not been notified of any direct impact to our campus. Bruin Learn remains available and operational. 

Updates will be posted on our Security Advisory Page and Service Status Page.

A new Linux kernel vulnerability, "Copy Fail" (CVE-2026-31431), allows local users to gain root access by writing four bytes into the page cache of readable files.

• Impact: Local Privilege Escalation (LPE) to root.
• Scope: Affects Linux kernels 4.14 and later (since 2017).
• Distributions: Impacted systems include Ubuntu, RHEL, Amazon Linux, and SUSE.

Recommended Action

Immediate patching is required. If patching is not possible, apply module-level mitigations as specified by your distribution's security advisory.

In UC’s ongoing commitment to safeguarding and protecting your personal data, the UC Office of the President (UCOP) is introducing enhanced security verification for accessing UCPath beginning on December 20, 2024.

UCLA students report getting scammed for UCLA Football tickets in group chats.