Copy Fail – CVE-2026-31431
3 hours ago
- #Linux Security
- #Kernel Vulnerability
- #Privilege Escalation
- Copy Fail is a local privilege escalation (LPE) vulnerability in Linux, requiring no race conditions or kernel-specific offsets.
- It exploits a logic flaw in authencesn, chained through AF_ALG and splice(), to achieve a 4-byte page-cache write, affecting kernels built between 2017 and the patch.
- The exploit works across all major Linux distributions, including Ubuntu, Amazon Linux, RHEL, and SUSE, with a single 732-byte Python script.
- Vulnerable systems are at risk on shared kernels, such as dev boxes, CI/CD runners, and containerized environments, where local code execution can lead to root access.
- Mitigation includes updating to a patched kernel (mainline commit a664bf3d603d), disabling the algif_aead module, and blocking AF_ALG with seccomp for untrusted workloads.