Threat Landscape Alert: "Copy Fail" (CVE-2026-31431) Gives Root on Linux Systems With Just 732 Bytes
Published: May 1, 2026
Author: ThreatLandscape Research Team
Tags: Vulnerability, Linux, CVE-2026-31431, Privilege Escalation, Container Escape, Kernel Security
Earlier this week, the Xint Code Research Team dropped a bombshell report on a critical Linux kernel vulnerability dubbed "Copy Fail" (CVE-2026-31431). The flaw, a logic bug within the kernel's cryptographic subsystem, allows an unprivileged local user to escalate to root on nearly every major Linux distribution shipped since 2017.
What makes this vulnerability particularly terrifying is its simplicity and stealth. Threat actors can achieve local privilege escalation (LPE) and container escapes using a deterministic, 732-byte Python script—all without altering a single byte on the physical disk.
Let's break down what Copy Fail is, why it stands out from past exploits like Dirty Cow and Dirty Pipe, and how you can protect your infrastructure.
Why Copy Fail is Different
Historically, high-profile kernel privilege escalation bugs have been noisy and unreliable. Dirty Cow (CVE-2016-5195) required winning tricky race conditions and sometimes crashed the system. Dirty Pipe (CVE-2022-0847) was version-specific and required precise pipe buffer manipulation.
Copy Fail represents a much cleaner, more dangerous class of exploit:
- 100% Reliable: Copy Fail is a straight-line logic flaw. It does not rely on race conditions or crash-prone timing windows. It just works.
- Extremely Portable: A single Python script works right out of the box on Ubuntu, Amazon Linux, RHEL, and SUSE. There are no per-distro offsets to calculate, no version checks, and no need to recompile payloads. It simply relies on standard Python libraries (
os,socket,zlib). - Invisible to File Integrity Monitoring (FIM): The exploit bypasses the ordinary Virtual File System (VFS) write path. It writes only to the in-memory page cache. Because the kernel never marks the corrupted page as "dirty", it is never written back to the disk. Standard security tools validating on-disk checksums will be completely blind to the modification.
- Cross-Container Impact: Because the page cache is shared across the host OS, corrupting a file's cache impacts all processes. This makes Copy Fail an immediate container escape primitive and a devastating Kubernetes node compromise vector.
Under the Hood: The Root Cause
At its core, Copy Fail sits at the intersection of three components that, independently, functioned fine, but together created a lethal out-of-bounds write:
AF_ALG&splice():AF_ALGis a socket type that exposes the kernel's crypto subsystem to unprivileged users. By usingsplice(), users can pass file data directly to the crypto subsystem by reference—passing page cache pages directly—rather than copying the data.- The 2017 In-Place Optimization: In 2017, the kernel introduced an optimization to perform Authenticated Encryption with Associated Data (AEAD) operations "in-place." This mistakenly chained read-only page cache pages directly into the writable destination scatterlist.
authencesnScratch Write: Theauthencesnalgorithm, used for IPsec Extended Sequence Numbers (ESN), is the final piece of the puzzle. It uses its destination buffer as a scratchpad, performing a temporary write 4 bytes past the standard output boundary.
When these three conditions align, the 4-byte out-of-bounds scratch write from authencesn lands directly inside the read-only page cache page of the spliced file. By carefully controlling the offset and values via the crypto API, an attacker achieves a deterministic 4-byte write to any readable file on the system.
The Attack Vector: Poisoning /usr/bin/su
To exploit this, an attacker doesn't need specialized, compiled payloads. The default exploit path targets universally present setuid-root binaries, such as /usr/bin/su.
- The attacker opens an unprivileged
AF_ALGsocket and binds to theauthencesntemplate. - Using
sendmsg()andsplice(), they pass the target file's page cache into the crypto subsystem. - They trigger the decrypt operation, forcing the kernel to overwrite sections of the binary's
.textsegment in memory with chunks of shellcode. - Once the page cache is corrupted, they simply execute
/usr/bin/su. The kernel loads the poisoned memory, running the injected shellcode with root (UID 0) privileges.
AI-Assisted Discovery
Interestingly, this nearly decade-old vulnerability was uncovered using Artificial Intelligence. Security researcher Taeyang Lee from Theori, utilizing the AI vulnerability research tool Xint Code, scanned the Linux crypto subsystem. By prompting the AI with context about splice() and scatterlist page provenance, the automated scan successfully flagged Copy Fail as a critical severity logic flaw in about an hour.
Remediation and Mitigation
The official fix (commit a664bf3d603d) reverts the 2017 in-place optimization. It separates the transmit and receive scatterlists, removing page cache pages from the writable path entirely.
1. Patch Immediately
Update your Linux kernels. Major distributions are already shipping the fix through their normal kernel package update channels.
2. Apply Workarounds
If you cannot patch your infrastructure immediately, you can mitigate the vulnerability by blocking AF_ALG socket creation. Disable the algif_aead module by applying a blacklist via modprobe:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null
Conclusion
Copy Fail is a stark reminder of the hidden complexities within the Linux kernel, where a seemingly harmless performance optimization can inadvertently spawn a devastating vulnerability years later. For organizations running multi-tenant or containerized environments, patching CVE-2026-31431 should be priority number one.
For the full technical deep-dive and PoC breakdown, check out the original report on the Xint Blog.