Copy Fail: Critical Linux Kernel Vulnerability (CVE-2026-31431) Grants Root Access Across Major Distributions
By
eyalitki
Hand-rolled, kettle-boiled, baked to perfection. Worth every minute at the bakery.
Summary
Xint Code disclosed CVE-2026-31431, a critical Linux kernel vulnerability dubbed "Copy Fail." The bug exploits an authencesn scratch-write vulnerability by chaining AF_ALG with splice() to achieve a 4-byte page cache write. A 732-byte proof-of-concept exploit grants root access on all major Linux distributions including Ubuntu, Amazon Linux, RHEL, and SUSE. The article details the root cause (page cache pages in the writable scatterlist), the trigger mechanism, how the exploit works, the fix, remediation steps, and the coordinated disclosure timeline.
Key quotes
· 3 pulledCopy Fail: 732 Bytes to Root on Every Major Linux Distribution.
Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write.
A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.
You might also wanna read
CIFSwitch Linux Vulnerability Allows Unprivileged Users to Gain Root Access via CIFS Flaw
A new Linux local-root privilege escalation vulnerability named CIFSwitch has been disclosed by researcher Asim Manizada. The flaw combines
almalinux.org·2d ago
AI-assisted vulnerability discovery raises concerns about Linux kernel security
This opinion article discusses a troubling trend in Linux security where AI-powered tools are being used to discover and exploit kernel vuln
theregister.com·1d ago
AI security audit of FreeBSD kernel reveals 15 bugs including RCEs and a hypervisor escape
An AI audit of FreeBSD uncovered 15 kernel bugs, including 3 remote code execution vulnerabilities, 5 local privilege escalation flaws, and
blog.calif.io·2d ago