Linux Copy Fail Flaw Grants Root in Seconds — Patch Now

A nine-year-old bug hiding in the Linux kernel's cryptographic subsystem can turn any local user into root on virtually every major distribution shipped since 2017. Security researchers at Theori publicly disclosed the vulnerability—dubbed "Copy Fail"—on April 29, 2026, and working exploits are already circulating.

TL;DR

• What happened: Logic flaw in Linux kernel crypto template allows 4-byte controlled writes to any readable file's page cache
• Who's affected: Every Linux distribution shipping kernels from 2017 onward—Ubuntu, RHEL, Amazon Linux, SUSE, Debian, and more
• Severity: CVSS 7.8 High
• Action required: Apply kernel patches immediately; blacklist algif_aead module as interim mitigation

How Copy Fail Works

CVE-2026-31431 targets a logic bug in the authencesn cryptographic template, part of the kernel's AF_ALG socket interface that exposes crypto functions to userspace applications.

The vulnerability traces back to a 2017 commit (72548b093ee3) that added an "in-place" optimization for AEAD operations. This change allowed page cache pages—including those backing read-only files—to be chained into a writable destination scatterlist. A separate component, authencesn (used for IPsec Extended Sequence Numbers), writes scratch data to the destination buffer during HMAC computation. Combined, these create a controlled write primitive.

An attacker can exploit this by:

1. Opening an AF_ALG socket bound to authencesn
2. Using splice() to deliver page cache references of a setuid binary
3. Triggering a 4-byte write at a calculated offset
4. Executing the corrupted binary to obtain root

The proof-of-concept exploit is a 10-line, 732-byte Python script. No compilation needed. No version-specific offsets required.

What Makes This Different

Copy Fail isn't the first Linux kernel privilege escalation bug with a catchy name. But it differs from predecessors in ways that matter to defenders.

Unlike Dirty Cow and Dirty Pipe, Copy Fail requires no race conditions. The same exploit binary works identically across Ubuntu 24.04, Amazon Linux 2023, RHEL 10.1, and SUSE 16 without modification. Alexander Peslyak, founder of the Openwall Project, confirmed exploitation on Rocky Linux 9.7 within hours of disclosure.

The technique also bypasses filesystem monitoring. Because the write targets the page cache rather than the actual file on disk, tools like inotify never see the modification—yet the kernel loads the corrupted page when executing the binary.

This portable, deterministic, stealth-capable exploitation pattern is exactly what attackers prize. Organizations running multi-tenant Linux hosts, shared-kernel containers, or CI pipelines that execute untrusted code should treat this as an emergency.

Container Escape Implications

The vulnerability carries elevated risk for containerized environments. Since the page cache is shared across a host system, an attacker who gains code execution inside a container could corrupt setuid binaries accessible to the host kernel, potentially escaping the container entirely.

Kubernetes nodes running mixed workloads are particularly exposed. We covered a similar privilege escalation in PackageKit last week that also threatened container boundaries—but Copy Fail's cross-distribution reliability makes it significantly more dangerous in heterogeneous clusters.

Discovery and Timeline

Researcher Taeyang Lee at Theori identified Copy Fail using the company's AI-assisted vulnerability scanning platform, Xint Code. According to Theori's technical writeup, the tool flagged the vulnerability within approximately one hour after receiving context about splice() delivering page-cache references to crypto scatterlists.

The disclosure timeline:

• March 23, 2026: Reported to Linux kernel security team
• April 1, 2026: Patches committed to mainline (commit a664bf3d603d)
• April 22, 2026: CVE assigned
• April 29, 2026: Public disclosure

Patch Status

The mainline fix reverts the 2017 in-place optimization entirely, separating source and destination scatterlists so page cache pages remain read-only.

Distribution updates are rolling out, though coverage varies:

Distribution	Status
Debian	Patched
Ubuntu	Patched
SUSE	Patched
Red Hat	Patched (guidance updated)
Fedora 42+	Patched
Amazon Linux	Pending

Kernel versions 6.18.22, 6.19.12, and 7.0 contain the fix. Check your running kernel version with uname -r and compare against your distribution's security advisories.

Mitigations

For systems awaiting patches, CERT-EU recommends disabling the vulnerable kernel module:

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf

This prevents the algif_aead module from loading, blocking the exploitation path. Note that this may break applications using the AF_ALG interface for AEAD operations—though most userspace crypto implementations use OpenSSL or similar libraries rather than kernel interfaces.

Organizations using seccomp profiles can also block AF_ALG socket creation as an additional layer of defense.

Priority Targets for Patching

Theori and other researchers emphasized several high-risk environments:

• Multi-tenant Linux hosts: Shared hosting providers, university computing clusters
• Kubernetes and container platforms: Page cache sharing enables escape
• CI/CD runners: Build systems executing untrusted code
• Cloud platforms running user workloads: Any SaaS platform offering code execution

The reliability and portability of the exploit means attackers gaining initial access through any means—web application vulnerabilities, compromised credentials, or supply chain attacks like the recent GitHub RCE—can immediately escalate to root without additional reconnaissance.

Why This Matters

Copy Fail represents a pattern security teams should recognize: independently harmless code changes that become exploitable when combined years later. The 2011 authencesn scratch-write behavior, the 2015 AF_ALG splice support, and the 2017 in-place optimization were each reasonable on their own. No single developer connected the dots.

Nine years later, every Linux server in the enterprise could be one Python script away from compromise.

For defenders, the lesson is familiar but worth repeating: assume local attackers can become root. Design your security architecture accordingly—with network segmentation, workload isolation, and detection capabilities that don't rely on the kernel being uncompromised.

If you're still running vulnerable kernels, the time to patch was yesterday. The exploit is public, portable, and trivial to execute. Follow our hacking news coverage for updates on active exploitation campaigns targeting this flaw.