CVE-2026-31431: The Linux Kernel Bug That Hid in Plain Sight for Nine Years

A Linux kernel zero-day called Copy Fail lets any local user gain root access on every major distribution since 2017 using a 732-byte Python script.

Dateline: April 30, 2026


A logic bug sitting quietly in the Linux kernel since 2017 just became public. Tracked as CVE-2026-31431 and named “Copy Fail,” the vulnerability lets any local user with no special privileges gain full root access on virtually every major Linux distribution released in the past eight years. No race conditions. No kernel version offsets. No compiled payloads. A single Python script handles the whole thing.

What Happened?

Copy Fail was discovered by Theori researcher Taeyang Lee and scaled into a full exploit chain by the Xint Code Research Team using AI-assisted analysis.

The flaw lives in the Linux kernel’s authencesn cryptographic template, reachable via the AF_ALG socket interface combined with the splice() system call. When a user splices a file into a pipe and feeds it into an AF_ALG socket, the kernel holds direct references to the physical page cache pages of that file, not copies. The authencesn algorithm then uses the caller’s destination buffer as scratch space, writing 4 bytes past the declared output boundary directly into those page cache pages.

The result: a controlled 4-byte write into any file the attacker can read. The attacker corrupts the in-memory (page cache) copy of a setuid binary such as /usr/bin/su and executes it to get a root shell.

Because the Linux kernel never marks the corrupted page as dirty for writeback, the on-disk file remains untouched. Standard checksum-based file integrity tools miss the modification entirely.

Three independent, individually reasonable code changes made in 2011, 2015, and 2017 converged to create this condition, and nobody noticed how they intersected for nearly a decade.

The same unmodified exploit script achieved root shell across Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 14.3, and SUSE 16, covering kernel versions from 6.12 to 6.18.

The vulnerability was reported to the Linux kernel security team on March 23, 2026. A patch was committed on April 1. The CVE was assigned on April 22. Public disclosure followed on April 29.

The Impact

Copy Fail functions as a Kubernetes container escape primitive. Because the page cache is shared across all processes on a host, including across container boundaries, a compromised container can corrupt setuid binaries visible to other containers and the host kernel.

That is the part that widens the blast radius significantly. This is not just a local privilege escalation affecting individual servers. Any environment running containerized workloads on shared Linux hosts faces the same risk. A single compromised container can reach the host and every other container running alongside it.

Unlike predecessors such as Dirty Cow or Dirty Pipe, this vulnerability requires no race-winning, no kernel version offsets, no recompilation, and no compiled payloads. Exploit complexity is genuinely low. Any attacker who can run code on a Linux system as a regular user can achieve root. That covers developer workstations, cloud instances, CI runners, and shared infrastructure.

How to Avoid This

Apply kernel updates immediately through your distribution’s official update channel. The upstream fix reverts algif_aead.c to out-of-place AEAD operation, permanently separating the source scatterlist from the writable destination. Most major distributions have already shipped or are actively shipping patched kernels.

If you cannot patch right now, disable the algif_aead kernel module as an interim step. Running the following two commands as root removes the vulnerable attack surface without patching:

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf

rmmod algif_aead 2>/dev/null
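To confirm the interim mitigation above actually took on a host, the following POSIX shell script (an added example, not part of the original article) checks that a modprobe install override for algif_aead exists and that the module is not currently loaded. The directory and module-list paths are parameters so it can also be run against copied-out files; by default it reads /etc/modprobe.d and /proc/modules.

```shell
#!/bin/sh
# Added example (not from the article): verify the interim Copy Fail mitigation.
# It checks two things:
#   1. a modprobe.d "install algif_aead /bin/false" (or /bin/true) override exists,
#      so the module cannot be auto-loaded when a process opens an AF_ALG aead socket;
#   2. algif_aead is not currently loaded (rmmod has been run, or it never was).
# Paths are parameters so the checks can be run against copied-out fixtures.

# Returns 0 if some *.conf in $1 (a modprobe.d directory) carries an install
# override for algif_aead pointing at /bin/false or /bin/true, non-zero otherwise.
has_install_override() {
    dir="$1"
    [ -d "$dir" ] || return 1
    grep -Ehs '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+/bin/(false|true)' \
        "$dir"/*.conf >/dev/null
}

# Returns 0 if algif_aead appears in $1 (a /proc/modules-style file), non-zero otherwise.
module_loaded() {
    grep -qs '^algif_aead ' "$1"
}

# Prints a verdict and returns 0 only when the override exists AND the module is
# not loaded. Caveat: a kernel built with CONFIG_CRYPTO_USER_API_AEAD=y has the
# code built in rather than as a module and cannot be mitigated this way; it needs
# the kernel update.
check_copy_fail_mitigation() {
    modprobe_dir="${1:-/etc/modprobe.d}"
    modules_file="${2:-/proc/modules}"
    status=0
    if has_install_override "$modprobe_dir"; then
        echo "ok: algif_aead install override present in $modprobe_dir"
    else
        echo "MISSING: no 'install algif_aead /bin/false' override in $modprobe_dir"
        status=1
    fi
    if module_loaded "$modules_file"; then
        echo "LOADED: algif_aead is still loaded (run 'rmmod algif_aead' as root)"
        status=1
    else
        echo "ok: algif_aead not loaded"
    fi
    return $status
}
```

Run `check_copy_fail_mitigation` with no arguments on the host itself; a non-zero exit means at least one half of the mitigation is missing.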

Audit your Kubernetes environments for any nodes running unpatched kernels. Given the container escape capability, a single vulnerable host node can expose your entire cluster.

File integrity monitoring tools that rely on on-disk checksums will not catch exploitation of this vulnerability. The corrupted page lives only in memory. Detection requires behavioral monitoring of privilege escalation activity, specifically unexpected setuid binary execution by unprivileged users.