Linux ‘Copy Fail’ Flaw Delivers Root-Level Access to Distros

https://www.bankinfosecurity.com/linux-copy-fail-flaw-delivers-root-level-access-to-distros-a-31558

Publish Date: 2026-04-30 11:08:00

Source Domain: www.bankinfosecurity.com

Artificial Intelligence & Machine Learning, Governance & Risk Management, Next-Generation Technologies & Secure Development

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of Scanning

The Linux kernel needs to be patched to fix a vulnerability that exists in every distribution of the operating system created from 2017 onward. Successfully exploiting the flaw in the kernel’s cryptography API would give an attacker root-level access to the operating system.

“An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root,” said researchers at offensive security firm Theori on Wednesday of the local privilege escalation flaw, CVE-2026-31431. They nicknamed it “Copy Fail.”

“Most major distributions are shipping the fix now,” they said. As a temporary mitigation, users can “disable the algif_aead module” to block the flaw from being exploited, although potentially at the cost of some functionality, they said.

The module is part of the Linux kernel’s cryptographic subsystem, and typically ships active by default.
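As an added example (not from Theori or the article), the following shell check covers the temporary mitigation described above: it reports whether algif_aead is currently loaded and whether modprobe configuration keeps it from being loaded. The function names, verdict strings and the choice of an `install ... /bin/false` override as the blocking rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: is algif_aead loaded, and does modprobe config block it?
# File and directory paths are parameters so the logic runs on constructed input.

MODULE=algif_aead

# Returns 0 if the module is listed in a /proc/modules-format file
# (module name is the first field of each line).
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# Prints "install" if a .conf file replaces the module's load command with
# false/true, "blacklist" if only alias-based autoloading is suppressed,
# "none" otherwise. Dashes and underscores in module names are equivalent.
modprobe_policy() {
    dir=$1; mod=$2
    cat "$dir"/*.conf 2>/dev/null | awk -v m="$mod" '
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# Combines both checks into one verdict string.
mitigation_status() {
    policy=$(modprobe_policy "$2" "$MODULE")
    if module_loaded "$1" "$MODULE"; then
        echo "loaded policy=$policy"      # still present until unloaded or rebooted
    elif [ "$policy" = install ]; then
        echo "blocked"                    # not loaded and load command overridden
    else
        echo "loadable policy=$policy"    # not loaded now, but can still be loaded
    fi
}

# Live use: sh check.sh --live
# Only /etc/modprobe.d is read here, and a module compiled into the kernel
# does not appear in /proc/modules, so neither case is covered by this check.
if [ "${1:-}" = "--live" ]; then
    mitigation_status /proc/modules /etc/modprobe.d
fi
```

A `blacklist` line alone is reported as `loadable` because, per modprobe.d(5), it only ignores a module's internal aliases, while an `install` line replaces the command modprobe runs for that module.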

Theori released a proof-of-concept exploit. Other researchers…