CVE-2026-31431, dubbed 'Copy Fail', is a critical Linux kernel vulnerability affecting all major distributions since 2017. The flaw in the authencesn cryptographic template allows unprivileged users to gain root access through a deterministic 4-byte write into any readable file's page cache using a simple 732-byte Python script. This vulnerability is particularly severe as it requires no race conditions, offsets, or compilation, making it easily exploitable.
Background
The Linux kernel's page cache is a system-wide in-memory cache of file data that improves read performance by storing frequently accessed file contents. The vulnerability involves the interaction between the page cache, AF_ALG sockets, and the splice() system call in the kernel's cryptographic subsystem.
- Source
- Lobsters
- Published
- May 9, 2026 at 05:20 AM
- Score
- 9.0 / 10