CVE-2026-31431 (Copy Fail) is a critical Linux kernel vulnerability in the authencesn cryptographic template that allows unprivileged local users to achieve root access via a 4-byte page cache write. A 732-byte Python PoC exploits this to modify setuid binaries across all major Linux distributions since 2017, with the corruption remaining undetected by on-disk checksums. The bug also bypasses container isolation due to shared page cache.
Background
Linux kernel vulnerabilities allowing local privilege escalation are high-impact threats, especially when affecting all major distributions. The page cache mechanism is a core kernel component for file handling.
- Source
- Lobsters
- Published
- Apr 30, 2026 at 01:58 AM
- Score
- 9.0 / 10