Copy Fail: Kernel Logic Flaw in algif_aead Module Grants Unprivileged Root Access Across Major Linux Platforms
The vulnerability, tracked as CVE-2026-31431 and named Copy Fail, is an unprivileged local privilege escalation (LPE) flaw in the Linux kernel's cryptographic subsystem, specifically the algif_aead module. This flaw permits an unprivileged local user to elevate their access to root privileges on systems shipped since 2017.
Commenters are hammering the exploit mechanism: the vulnerability lets a user write four controlled bytes into the page cache of any readable file. Exploitation reportedly requires a simple 732-byte Python script to manipulate setuid binaries, like /usr/bin/su, effectively gaining root. Multiple sources point to the root cause being a logic flaw introduced by an August 2017 source code commit.
The consensus is absolute: this is a critical LPE vulnerability impacting the shared page cache across containers. The fault line is the kernel's cryptographic implementation itself. Any modern Linux distribution—Amazon Linux, RHEL, SUSE, Ubuntu—faces immediate risk via this mechanism.
Key Points
#1Direct root access achieved via local write primitive.
The flaw allows an unprivileged user to write controlled bytes into the page cache of any readable file.
#2Exploitation pathway targets setuid binaries.
The process involves manipulating setuid binaries using a write operation to the kernel's cached copy (e.g., /usr/bin/su).
#3The vulnerability's technical core is pinpointed.
The root cause is identified as a logic flaw within the algif_aead module of the Linux kernel crypto subsystem.
#4The exploit payload is trivial to execute.
A simple 732-byte Python script is detailed as sufficient to trigger root escalation on most modern distributions.
#5Cross-container impact is confirmed.
Because the exploit uses the shared page cache, the vulnerability extends impact across all processes running on the host system.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.