‘Copy Fail’ Linux Kernel Bug Grants Root Access Since 2017
4/30/2026
Tags: linux, security, vulnerability, kernel

A Silent Linux Kernel Vulnerability Emerges After Nine Years

Security researchers have disclosed a critical local privilege escalation (LPE) vulnerability that lay dormant in the Linux kernel for nearly nine years. Dubbed "Copy Fail," and tracked as CVE-2026-31431 with a severity rating of 7.8, it allows an unprivileged local user to gain root access on virtually every mainstream Linux distribution shipped since 2017.

The flaw is notable for its simplicity and portability. Unlike many high-profile LPE bugs such as Dirty Cow or Dirty Pipe, it requires no race condition to win, no kernel-version-specific offsets, and no compiled payload. As Theori's Xint Code research team stated, "The same exact script works on every tested distribution and architecture."

The Technical Mechanism: A Straight-Line Logic Flaw

Copy Fail originates from a logic flaw in the `authencesn` cryptographic template within the Linux kernel's crypto subsystem. The bug is chained through the `AF_ALG` socket interface and the `splice()` system call.

This chain results in a controlled 4-byte write into the kernel's in-memory page cache of any readable file. The attacker chooses the target file, the offset, and the value. By targeting the cached copy of a setuid-root binary like `/usr/bin/su`, an attacker can corrupt it in memory to gain root privileges.

The modification is stealthy. It bypasses the VFS path entirely; the corrupted page is never marked dirty and nothing is written to disk. On system reboot or page eviction, the cache reloads a clean copy from storage.

The Universal Exploit: A Tiny Python Script

The proof-of-concept exploit underscores the bug's danger. It is a 732-byte Python script using only standard library modules (`os`, `socket`, `zlib`). It requires no dependencies or compilation.

Theori's demonstration shows the same script and binary obtaining root shells on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16 in a single take. The researchers confirmed that other distributions like Debian, Arch, Fedora, Rocky Linux, and AlmaLinux are equally affected.


Who is Affected and Why It Matters

The vulnerability's impact varies by environment but is severe in multi-tenant scenarios. Any system where an untrusted user can execute code as a regular user is at high risk.

  • Multi-tenant Linux hosts: Shared development boxes, jump hosts, and build servers where any user can become root.
  • Kubernetes & Container Clusters: The shared page cache means a compromised pod can corrupt a host binary, enabling cross-tenant container escape.
  • CI Runners & Build Farms: Systems like GitHub Actions self-hosted runners executing untrusted PR code.
  • Cloud SaaS Platforms: Services running tenant-supplied code, such as notebook hosts or serverless functions.

For standard single-tenant servers or single-user workstations, the immediate risk is lower but still present as a potent post-exploitation step-up tool.

Mitigation and Patching Guidance

The primary mitigation is to patch immediately. The fix, mainline commit `a664bf3d603d`, reverts a 2017 in-place optimization in `algif_aead`. This ensures page-cache pages remain in a read-only source scatterlist.

Major distributions, including Debian, Ubuntu, and SUSE, have begun shipping patches. Red Hat initially planned to defer the fix but later aligned with other vendors to patch promptly. If patching is not immediately possible, administrators can disable the vulnerable module.

# echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# rmmod algif_aead 2>/dev/null || true

This action is unlikely to break common functionality, as `AF_ALG` is not used by default for core services like dm-crypt/LUKS, IPsec, or SSH. For containerized environments, blocking `AF_ALG` socket creation via seccomp is also recommended.
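As an added illustration of the seccomp recommendation above (not a profile published by Theori or any distribution), the fragment below shows how the `socket()` syscall can be denied for the `AF_ALG` family in a Docker/containerd-style seccomp profile. It assumes the Docker JSON profile format; the value 38 is the Linux constant for `AF_ALG`, and the `defaultAction` here is only a placeholder so that the fragment is syntactically complete on its own.

```json
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "comment": "Added example: deny AF_ALG sockets so algif_aead cannot be reached from the container",
      "names": ["socket"],
      "action": "SCMP_ACT_ERRNO",
      "errnoRet": 1,
      "args": [
        {
          "index": 0,
          "value": 38,
          "op": "SCMP_CMP_EQ"
        }
      ]
    }
  ]
}
```

In practice this rule should be merged into the runtime's default profile rather than used as a replacement, since the default profile already blocks many other unneeded syscalls; a container that must use kernel crypto through `AF_ALG` would need an explicit exception.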

Comparison to Historical Linux LPE Bugs

Copy Fail belongs to the same family as Dirty Pipe and Dirty Cow—page-cache corruption leading to privilege escalation without disk modification. However, it distinguishes itself in key ways.

  • vs. Dirty Cow: No race condition. Copy Fail is a deterministic, straight-line code flaw.
  • vs. Dirty Pipe: Far more portable. Dirty Pipe required kernels ≥ 5.8 with specific patches; Copy Fail affects the entire 2017-2026 window.

The bug's discovery was AI-assisted. Researcher Taeyang Lee at Xint provided the initial insight, and the company's Xint Code AI security scanner audited the entire `crypto/` subsystem, surfacing Copy Fail as the highest-severity finding within an hour.

Disclosure Timeline and Ongoing Research

The vulnerability was reported to the Linux kernel security team on March 23, 2026. A patch was committed to mainline on April 1, and CVE-2026-31431 was assigned on April 22. Public disclosure followed on April 29.

Theori has indicated that a second part of the disclosure, detailing a Kubernetes container escape primitive built on the same flaw, is forthcoming. The full technical write-up, including root cause analysis and scatterlist diagrams, is available on the Xint blog.

For defenders, the message is clear: this is a widespread, reliable, and easily exploitable flaw that fundamentally undermines the security boundary between unprivileged users and the root account on affected Linux systems. Prioritized patching is essential.