Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017

Theori and Xint disclosed CVE-2026-31431 (“Copy Fail”) on April 29 — a logic flaw in the Linux kernel’s userspace crypto API (algif_aead) that has been sitting in mainline since an August 2017 commit. Every long-supported distribution shipped since then is exploitable: Amazon Linux, RHEL, Rocky, AlmaLinux, SUSE, openSUSE, Ubuntu LTS lines, Debian stable, Fedora, and the kernels behind most managed Kubernetes nodes. An unprivileged local user runs 732 bytes of Python, gets root in under a second, and leaves no on-disk artifact for file-integrity tooling to spot.

It is the cleanest local privilege escalation Linux has shipped in years, and the container-escape implications are nasty enough that you should treat it as Tuesday’s emergency patch and not wait for the next kernel rollup.

What’s broken

The vulnerability is in the AEAD socket interface (algif_aead) under the AF_ALG family — the same pipe a normal program uses when it asks the kernel to do authenc(esn(hmac(sha256), cbc(aes))) for it. ESN (“extended sequence number”) rearrangement requires four bytes of scratch space, so the kernel reserves room at offset assoclen + cryptlen in the output scatterlist and writes there during the operation.

Two things go wrong. First, when the user splices a file into the AF_ALG socket via vmsplice(2), the input pages and the output scratch area end up sharing a scatterlist — and the four-byte ESN write lands inside a chained page-cache page that belongs to the spliced file. Second, the page cache is the same memory the kernel will hand to any future reader of that file. The user has no permission to write the file on disk, but they just modified what the kernel believes the file contains in memory.

In other words, it’s a four-byte arbitrary write into the page cache of any file the attacker can read. Pick a setuid binary you can read but not write — /usr/bin/sudo, /usr/bin/su, /usr/bin/passwd — overwrite a few bytes of an instruction near a privilege check, exec it, get root. The Theori writeup demonstrates a deterministic four-byte patch on sudo that turns a permission check into an unconditional branch.

Why this is worse than the average kernel LPE

Three properties make Copy Fail unusually nasty:

1. No on-disk modification. The change lives in the page cache. Every host-based integrity tool — AIDE, Tripwire, Falco’s file-integrity rules, OSquery’s file_events, Wazuh FIM — watches the filesystem, not the page cache. Drop the cache (echo 3 > /proc/sys/vm/drop_caches) and the binary “heals” itself, which means even a forensic investigator who images the disk will find nothing wrong.
2. It breaks out of unprivileged containers. AF_ALG is reachable from inside the default container userspace, the page cache is shared across the whole host kernel, and the setuid binary you’re patching can be the host’s sudo if the container can read it via a bind mount or shared layer. Container runtimes that allow the AF_ALG socket — which is most of them by default — will let a process with no capabilities cross from a container into root on the node.
3. The exploit is tiny and reliable. 732 bytes of Python, no heap grooming, no race window, no kernel symbol resolution. The PoC port to C is already on GitHub. Anyone with shell on a Linux host is one curl | sh away from root.

Affected kernels

Anything from Linux 4.14 (August 2017) forward, including the 5.4, 5.10, 5.15, 6.1, 6.6, and 6.12 long-term branches. The vulnerable commit lives in crypto/algif_aead.c and was not backported into older trees, so pre-4.14 kernels are not affected — small comfort, since virtually no production fleet still runs them.

Distros with patches available as of writing:

• Ubuntu: 22.04 / 24.04 / 25.10 — kernel updates rolling tonight
• RHEL / Rocky / Alma 8 and 9: errata RHSA-2026:1932 and RHSA-2026:1933
• Debian 12: DSA-5731-1
• Amazon Linux 2023: ALAS2023-2026-865
• SUSE / openSUSE: SUSE-SU-2026:1402-1
• Fedora 40 / 41: shipping in the next kernel build, expected within 24 hours
• Cloud-managed Kubernetes (EKS, GKE, AKS): AMI / node-image refreshes are landing — drain and replace nodes once your provider publishes a fixed image

What to do right now

1. Patch the kernel and reboot. No livepatch covers this yet on most distros; expect a real reboot.

2. If you can’t reboot in the next few hours, neuter algif_aead. The cleanest mitigation:

   1 2 3 4 5

   # disable AF_ALG + algif_aead loading echo 'install algif_aead /bin/true' >> /etc/modprobe.d/cve-2026-31431.conf echo 'install af_alg /bin/true' >> /etc/modprobe.d/cve-2026-31431.conf rmmod algif_aead 2>/dev/null rmmod af_alg 2>/dev/null

   Anything that needs the userspace crypto API will break — IPsec helpers in some VPN stacks, a few hardware-crypto offload daemons, and cryptsetup workflows that opt into kernel AEAD. Inventory before you push fleetwide.

3. For container hosts, drop AF_ALG from the seccomp profile. Docker’s default profile already blocks it, but Kubernetes pods that use the default RuntimeDefault plus hostNetwork: true or any pod with a custom seccomp profile that allows socket(AF_ALG, …) should be reviewed. podman and crun users running unconfined need the modprobe blacklist above.

4. Hunt. Bash-history and audit-log signals are the only thing that will catch post-exploitation here, since the binary on disk is unchanged. Look for: any unprivileged process opening socket(AF_ALG, SOCK_SEQPACKET, 0) followed shortly by an exec of a setuid binary; recent vmsplice(2) calls from non-root processes; suspicious shells whose effective UID is 0 but whose parent is not.

5. After patch, reboot or drop_caches to evict any page-cache tampering planted before the fix landed.

Why this one matters

“Copy Fail” is the kind of bug that re-prices a whole class of detection tooling. If your trust boundary assumes that “reading a file gives you nothing but its bytes,” and that “the binary I see on disk is the binary the kernel will execute,” this CVE breaks both. Page-cache tampering as an exploit primitive is going to be a regular feature of post-exploitation playbooks for a while — Copy Fail is the proof of concept the offensive side has been waiting for.

If you operate Linux infrastructure, patch the fleet tonight and assume any compromised host since 2017 had this primitive available. The exploit’s elegance — four bytes, no disk write, container-bypass-by-default — is exactly the profile of a bug that lives quietly in skilled hands for years.

References

• Xint: Copy Fail — 732 Bytes to Root on Every Major Linux Distribution
• Sysdig: CVE-2026-31431 lets local users gain root in seconds
• Help Net Security: Nine-year-old Linux kernel flaw enables reliable LPE
• The Hacker News: New Linux ‘Copy Fail’ Vulnerability
• SecurityWeek: Copy Fail Logic Flaw in Linux Kernel
• BleepingComputer: New Linux ‘Copy Fail’ flaw gives hackers root
• Bugcrowd: What we know about Copy Fail (CVE-2026-31431)
• PoC: copy-fail-c (GitHub)