Copy Fail: A 732‑Byte Script That Gives Root on Every Major Linux Distribution
Security Dispatch
Linux Kernel — Zero Day: CVE-2026-31431 — Disclosed April 29, 2026
A logic flaw dormant since 2017 in the Linux kernel’s cryptographic subsystem lets any unprivileged local user rewrite a trusted binary and seize full system control — no race condition, no recompilation, no guesswork required.
A newly disclosed Linux kernel vulnerability allows an unprivileged local user to escalate privileges to root on virtually every mainstream Linux distribution shipped since 2017. The exploit — a single, 732-byte Python script — requires no compiled payloads, no kernel version matching, and no race condition to win. Researchers at security firm Theori published full details today under the name Copy Fail, assigned CVE-2026-31431, after coordinated patching with the Linux kernel security team.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-31431 |
| Nickname | Copy Fail |
| CVSS Score | 7.8 (High) |
| Type | Local Privilege Escalation (LPE) |
| Affected component | Linux kernel authencesn / AF_ALG crypto interface |
| Introduced | 2017 (in-place optimization in algif_aead.c) |
| Affected distros | Ubuntu, RHEL, Amazon Linux, SUSE — and essentially all others built since 2017 |
| Patch commit | a664bf3d603d (mainline; distros shipping now) |
| Discoverer | Taeyang Lee / Theori (Xint Code AI tool) |
What the vulnerability does
At its core, Copy Fail is a logic flaw inside the kernel’s authencesn AEAD cryptographic template — a component used by IPsec for Extended Sequence Number support. By chaining the AF_ALG cryptographic socket interface with the splice() system call, an attacker can feed page-cache pages directly into the crypto subsystem and trigger a deterministic, controlled four-byte write into the page cache of any readable file on the system.
Because the Linux kernel reads the page cache when loading a binary, overwriting even a small portion of a cached executable — such as the setuid binary /usr/bin/su — effectively alters what that program does when next invoked, without touching the underlying file on disk. This means standard filesystem integrity watchdogs and inotify-based monitors see nothing unusual.
“An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.”
Theori / Xint Code, CVE-2026-31431 writeup
The root of the problem is an optimization introduced in 2017 that implemented in-place decryption in algif_aead — placing page-cache pages in a writable scatterlist separated from the legitimate write region only by an offset boundary. The design silently assumes every AEAD algorithm will confine its writes to the intended destination, but nothing in the API enforces this invariant. The authencesn algorithm breaks it by writing a four-byte Extended Sequence Number high-half value to the wrong location.
Why this is different from previous Linux privilege escalation bugs
Linux has seen high-profile local privilege escalation flaws before. Dirty Cow (CVE-2016-5195) required winning a race condition in the virtual-memory subsystem’s copy-on-write path, often demanding multiple attempts and risking system crashes in the process. Dirty Pipe (CVE-2022-0847) was version-specific and required precise pipe-buffer manipulation with narrow applicability. Copy Fail is neither.
The proof-of-concept script uses only Python’s standard library modules (os, socket, zlib) and requires Python 3.10 or later for os.splice. It was confirmed to produce a root shell on Ubuntu, Amazon Linux, Red Hat Enterprise Linux, and SUSE — without modification between targets.
Container escape and cloud-native risk
One of the most serious implications of Copy Fail extends beyond standalone servers. Because the Linux page cache is shared across container namespace boundaries, a malicious container — or a compromised pod in a Kubernetes cluster — can use this mechanism to tamper with files on the host machine’s page cache. This makes Copy Fail a reliable container-escape primitive: any workload sharing a kernel with other tenants can potentially compromise the host and reach neighboring workloads.
Shared-kernel multi-tenancy environments — Docker hosts, Kubernetes nodes, shared Linux VMs — are directly at risk. Any unprivileged workload on a vulnerable kernel can escalate to host root and access data belonging to other tenants on the same node.
Isolation architectures that are not affected include AWS Firecracker microVMs, Cloudflare Workers (V8 isolates), and gVisor (user-space kernel) — because they do not share a kernel page cache.
How the bug was found
Theori researcher Taeyang Lee had previously mapped the AF_ALG attack surface through kernelCTF work and suspected that scatterlist page provenance might be an underexplored source of vulnerabilities. His team fed a focused operator prompt into Xint Code, Theori’s AI-assisted security auditing tool, directing it to examine all code paths reachable from userspace syscalls in the Linux crypto/ subsystem. The tool surfaced Copy Fail — the highest-severity finding in the run — in approximately one hour of scan time, with no custom harnesses required.
The same scan uncovered additional high-severity vulnerabilities that remain under coordinated disclosure. The speed and accessibility of this discovery has broader implications: vulnerability research that once required deep kernel expertise and weeks of manual analysis can now be initiated with a single well-formed prompt.
Patching and mitigation
A patch has been merged into the Linux kernel mainline as commit a664bf3d603d. The fix reverts the 2017 in-place optimization in algif_aead.c, separating the source and destination scatterlists so that page-cache pages can no longer end up in a writable crypto destination. Major distributions — Ubuntu, Debian, RHEL, CentOS, Fedora, SUSE, Amazon Linux 2, and Arch — are shipping updated kernel packages now.
- Apply the kernel update. Update via your distribution's package manager immediately. This is the only complete fix.
- If you cannot patch now, disable the algif_aead module with the commands below. This has no impact on standard workloads: LUKS, IPsec, TLS, SSH, and OpenSSL/GnuTLS all use the in-kernel crypto API directly, not AF_ALG.
- Audit container hosts. If running Docker or Kubernetes on unpatched kernels, assume the host is at risk until patched. Evaluate whether any tenant workloads are untrusted.
- Review seccomp policies as an additional layer: restricting AF_ALG socket creation prevents the attack chain.

```bash
# Prevent the module from loading on next boot
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# Unload immediately if currently loaded
rmmod algif_aead 2>/dev/null || true
```
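As an added example (editor's code, not from the article or from Theori), the following Python script audits the interim mitigations listed above: whether algif_aead is currently loaded, whether a modprobe `install` rule blocks it, and whether a Docker-style seccomp profile denies socket(AF_ALG, ...). It also rewrites a weak profile into one that does, so the weak and corrected configurations sit side by side. The sample /proc/modules lines, modprobe.d contents and seccomp profiles are constructed, the function names are mine, and the script assumes AF_ALG is address family 38 on Linux (the kernel's value; the article does not state it).

```python
"""Added example: audit the Copy Fail (CVE-2026-31431) interim mitigations.
Every check takes text or a dict so it runs offline on the constructed
samples below; audit_host() applies the same checks to the live files.
"""
import glob
import json
import re

AF_ALG = 38            # Linux address family for AF_ALG sockets (assumption from socket.h)
MODULE = "algif_aead"  # module the article's workaround disables
DENY_ACTIONS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
                "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}


def module_loaded(proc_modules_text, name=MODULE):
    """True if <name> is listed in /proc/modules (first column is the module name)."""
    return any(line.split()[0] == name
               for line in proc_modules_text.splitlines() if line.strip())


def install_rule_present(modprobe_conf_text, name=MODULE):
    """True if an active 'install <name> /bin/false' (or /bin/true) line exists.
    Comment lines begin with '#', so the anchored pattern never matches them."""
    pat = re.compile(rf"^\s*install\s+{re.escape(name)}\s+/bin/(false|true)\s*$", re.M)
    return pat.search(modprobe_conf_text) is not None


def _arg0_excludes_af_alg(args):
    """True if an args list pins socket()'s first argument away from AF_ALG."""
    for a in args or []:
        if a.get("index") != 0:
            continue
        if a.get("op") == "SCMP_CMP_NE" and a.get("value") == AF_ALG:
            return True
        if a.get("op") == "SCMP_CMP_EQ" and a.get("value") != AF_ALG:
            return True
    return False


def seccomp_blocks_af_alg(profile):
    """Conservative reading of a Docker-style profile: True only when no allow
    rule and no default action can let socket(AF_ALG, ...) through."""
    rules = [r for r in profile.get("syscalls", []) if "socket" in r.get("names", [])]
    allows = [r for r in rules if r.get("action") == "SCMP_ACT_ALLOW"]
    explicit_deny = any(
        r.get("action") in DENY_ACTIONS and any(
            a.get("index") == 0 and a.get("op") == "SCMP_CMP_EQ" and a.get("value") == AF_ALG
            for a in r.get("args") or [])
        for r in rules)
    if any(not _arg0_excludes_af_alg(r.get("args")) for r in allows):
        return False  # an allow rule that does not exclude AF_ALG is a path through
    if profile.get("defaultAction") in ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG"):
        return explicit_deny  # default lets it through unless a deny rule catches it
    return True  # default denies and every socket allow rule excludes AF_ALG


def harden_profile(profile):
    """Return a copy in which socket() is only allowed for domains other than
    AF_ALG; if the default action allows, an explicit ERRNO rule is added too."""
    out = json.loads(json.dumps(profile))  # deep copy; leaves the input untouched
    for rule in out.get("syscalls", []):
        names = rule.get("names", [])
        if "socket" in names and rule.get("action") == "SCMP_ACT_ALLOW" \
                and not _arg0_excludes_af_alg(rule.get("args")):
            rule["names"] = [n for n in names if n != "socket"]  # split socket out
    out["syscalls"] = [r for r in out.get("syscalls", []) if r.get("names")]
    out["syscalls"].insert(0, {
        "names": ["socket"], "action": "SCMP_ACT_ALLOW",
        "args": [{"index": 0, "value": AF_ALG, "valueTwo": 0, "op": "SCMP_CMP_NE"}]})
    if out.get("defaultAction") in ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG"):
        out["syscalls"].insert(0, {
            "names": ["socket"], "action": "SCMP_ACT_ERRNO", "errnoRet": 1,
            "args": [{"index": 0, "value": AF_ALG, "valueTwo": 0, "op": "SCMP_CMP_EQ"}]})
    return out


def audit_host(modprobe_glob="/etc/modprobe.d/*.conf"):
    """Run the module checks against the live host; None where /proc/modules is absent."""
    try:
        with open("/proc/modules") as f:
            loaded = module_loaded(f.read())
    except OSError:
        return None
    conf = "".join(open(p).read() for p in glob.glob(modprobe_glob))
    return {"module_loaded": loaded, "install_rule": install_rule_present(conf)}


# Constructed sample inputs (not captured from a real host).
SAMPLE_PROC_MODULES = (
    "algif_aead 16384 0 - Live 0xffffffffc0a1b000\n"
    "af_alg 32768 1 algif_aead, Live 0xffffffffc0a12000\n"
)
SAMPLE_MODPROBE_CONF = "# disable-algif.conf\ninstall algif_aead /bin/false\n"
WEAK_PROFILE = {"defaultAction": "SCMP_ACT_ERRNO",
                "syscalls": [{"names": ["read", "write", "socket"], "action": "SCMP_ACT_ALLOW"}]}

if __name__ == "__main__":
    print("module loaded (sample):", module_loaded(SAMPLE_PROC_MODULES))
    print("install rule (sample):", install_rule_present(SAMPLE_MODPROBE_CONF))
    print("weak profile blocks AF_ALG:", seccomp_blocks_af_alg(WEAK_PROFILE))
    print("hardened profile blocks AF_ALG:", seccomp_blocks_af_alg(harden_profile(WEAK_PROFILE)))
    print("live host:", audit_host())
```

The seccomp check is deliberately conservative: a profile whose socket allow rule carries no first-argument condition is reported as not blocking AF_ALG, because that rule admits the socket the article's chain starts from. harden_profile() splits socket out of any shared allow list before narrowing it, so the other syscalls in that list keep their original conditions.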
Coordinated disclosure timeline
- 2017: In-place decryption optimization lands in algif_aead.c, placing page-cache pages in a writable scatterlist — the root cause of the vulnerability.
- Xint Code scan of the Linux crypto/ subsystem; Copy Fail surfaces within approximately one hour.
- April 29, 2026: Patch (a664bf3d603d) merged to mainline. Theori publishes full technical writeup and proof-of-concept. Distribution security advisories issued.
Context and broader implications
Security researchers have noted that a reliable, universal Linux local privilege escalation exploit of this quality — working across every major distribution, requiring no race condition, packaged in under 750 bytes — represents exactly the class of zero-day that would historically command between $500,000 and several million dollars on commercial vulnerability acquisition markets. That it was surfaced in roughly an hour using an AI-assisted tool is a signal that the economics of vulnerability research are shifting rapidly.
For defenders, the immediate priority is straightforward: patch or disable algif_aead. The longer-term lesson is structural. Container isolation built on shared kernels carries a higher risk floor than namespace boundaries alone can address. Environments that require strong tenant isolation should evaluate whether hardware-level or microVM-based separation is appropriate.
The Linux kernel security team’s coordinated response — from private notification to simultaneous patch release and public disclosure — followed responsible disclosure norms. Patches are available now. There is no reason to delay applying them.
