Copy Fail (CVE-2026-31431): Local root privilege escalation on Linux

Colleagues, a security alert: the Copy Fail vulnerability (CVE-2026-31431) has been disclosed.
- Researchers at Xint.io and Theori identified a logic bug in the kernel's algif_aead module introduced in 2017.
- It allows writing 4 bytes into the page cache of a readable file and replacing a setuid binary (e.g. /usr/bin/su) via a small Python script.
- It affects most distributions and has cross-container impact because the page cache is shared.
Why it matters: it reliably yields root and bypasses sandboxes — patches are available.
Have you applied updates on critical systems?
#cybersecurity #Linux #vulnerabilities #containers


Latest comments
No comments yet.