
Linux 9-Year-Old Flaw: 732 Bytes of Code Can Grant Full Root Access

By xploitzone
May 4, 2026 6:02 PM

CVE-2026-31431 (Copy Fail) is a 9-year-old Linux kernel vulnerability that allows an unprivileged user to become root with a 732-byte exploit. Ubuntu, Amazon Linux, RHEL and Kubernetes nodes are all affected, and CISA has added it to the KEV catalog. Read this article and patch now.

The Dangerous Truth No One Knew

Imagine your Linux server has been running for years. It's running Ubuntu 24.04 or Amazon Linux 2023. The latest patches are applied. The security team is happy. Everything looks green on the dashboard. And then along comes someone with a regular low-privilege account who runs a 732-byte Python script.

In seconds he's root. The entire server is in his hands. No race condition to win. No kernel offset to calculate. No timing trick. Just a reliable, reproducible script, and it's game over. This is not a hypothetical scenario. On April 29, 2026, researchers at Xint Code and Theory disclosed CVE-2026-31431, which they named Copy Fail, and CISA immediately added the flaw to its Known Exploited Vulnerabilities catalog. If you have not heard the name Copy Fail before, remember it now.

This is a reliable local privilege escalation that abuses a performance optimization added in 2017, creating a path from unprivileged user to root in just four syscalls. The public PoC works on every major enterprise distribution.

What Is Copy Fail and Why Is It So Dangerous

CVE-2026-31431 is the result of three separate, individually harmless kernel changes. In 2011 the AEAD authentication wrapper used by IPsec was added. In 2015 AF_ALG AEAD socket support arrived. And in 2017 an in-place optimization in algif_aead.c was introduced via commit 72548b093ee3, which let AEAD operations reuse the source buffer as the destination to improve performance. All three changes were individually perfectly reasonable.

No one suspected them. No one was alerted. This was an architectural time bomb that sat in the Linux kernel for 9 years. When the exploit runs, the attacker abuses the interaction between the AF_ALG socket interface and the splice() system call to perform a controlled 4-byte overwrite on any readable file in the kernel's page cache. The page cache holds the in-memory copy of file contents, including executables, so modifying it corrupts a binary as it is executed without touching the disk.

That means an attacker can silently patch a setuid binary such as /usr/bin/su in memory, and when that binary is next run the attacker's code executes with root privileges. Nothing changes on disk. No file modification timestamps change. File-integrity forensics find nothing.

Dirty Cow (2016) relied on a race condition that could fail, and Dirty Pipe (2022) had write-position constraints. Copy Fail has neither. The same exploit works unmodified on every major distribution without multiple attempts. In a Bugcrowd analysis a researcher wrote that if you told a top kernel researcher you needed a universal Linux LPE that works on the major distributions, with no race windows and clean container escape primitives, they probably would not give you a timeline.

He says that this type of zero-day, when it exists, sells for anywhere from $500,000 to $7 million on the gray market through brokers. Acquisition programs like Zerodium and Crowdfense used to pay top dollar for reliable primitives of exactly this type. That zero-day is publicly available on GitHub today, for free. Anyone can download it.

A common exploitation path is for the attacker to first gain initial access and then escalate to root via Copy Fail: identify a vulnerable Linux host through reconnaissance, create an AF_ALG socket, corrupt the setuid binary in the page cache by abusing splice(), then execute the corrupted binary and gain UID 0, i.e. root.

This is why the Microsoft Defender Security Research Team specifically warned that the vulnerability has extremely high impact when it is chained with SSH access, malicious CI job execution or container footholds.

This is particularly devastating in cloud environments. Kaspersky confirmed that Docker, LXC and Kubernetes grant containers access to the AF_ALG subsystem by default. If the algif_aead module is loaded in the host kernel, Copy Fail can breach container isolation and hand over control of the physical machine. This is not just a single-server issue.

In a Kubernetes cluster with thousands of nodes running untrusted workloads, a single malicious CI job can compromise the entire cluster. CERT-EU wrote in an emergency advisory on April 30, 2026 that no major distribution had shipped a fixed kernel package by that date. The mainline fix was committed on April 1, 2026, but vendor updates were still pending for all distributions.

A Wake Up Call for the Linux Ecosystem

Fixes are available in Linux kernel versions 6.18.22, 6.19.12 and 7.0. Federal Civilian Executive Branch agencies have until May 15, 2026 to apply the patch. AlmaLinux released the first patch, ahead of Red Hat.

The AlmaLinux team built its patched kernels from the upstream fix, mainline commit a664bf3d603d, which reverts the 2017 optimization that introduced the bug. Ubuntu has released a mitigation in the kmod package that disables the affected kernel module. If you cannot patch immediately, the CERT-EU recommended workaround is to blacklist the algif_aead kernel module.

The workaround is to write the line install algif_aead /bin/false to /etc/modprobe.d/disable-algif.conf (so that any later modprobe or autoload request for the module runs /bin/false instead of loading it) and then run rmmod algif_aead to unload it if it is already loaded. Two caveats: rmmod fails with EBUSY while any process still holds an AF_ALG AEAD socket open, and the workaround does not apply if algif_aead is built into the kernel rather than loaded as a module. CERT-EU specifically confirmed that this workaround does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS or SSH.

This historically significant vulnerability fits a pattern that security researchers point out again and again. CISA's KEV catalog holds more than 20 Linux kernel entries, including both Dirty Cow and Dirty Pipe. Every time a flaw like this appears the community reacts and patches are released, and yet the majority of systems remain unpatched because patch management is boring and no emergency is felt.

Copy Fail is different because the exploit combines reliability and simplicity to an unprecedented degree. A 732-byte Python script that grants root without any special setup is an attacker's dream post-exploitation tool. Microsoft Defender stated plainly that kernel trust boundaries are broken, SELinux and AppArmor protections are effectively neutralized, and local security controls are bypassed.

If you run Linux on-premises, in the cloud or in containers on a kernel newer than 2017, you have this vulnerability. The patch timeline matters. If you can patch within 24 hours, do it now and hunt for exploitation attempts. If a 24-hour cycle is not realistic, blacklist algif_aead and apply a seccomp profile that denies AF_ALG socket creation to untrusted processes.
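The triage and mitigation steps above (check the running kernel against the fixed upstream releases, confirm whether algif_aead is loaded or built in, apply the CERT-EU modprobe blacklist, and deny AF_ALG socket creation with seccomp) collected into one shell script. This is an example added here, not code from the article, CERT-EU or any vendor. It assumes the fixed upstream versions are exactly the three the article names (6.18.22, 6.19.12, 7.0) and that AF_ALG is address family 38 (true on Linux); the copyfail_* function names, the disable-algif.conf file name and the profile path are the example's own.

```shell
#!/bin/sh
# Added example for CVE-2026-31431 (Copy Fail) triage; not from the article or
# any vendor. Assumptions: fixed upstream versions are 6.18.22, 6.19.12, 7.0
# (as the article states); AF_ALG == 38 on Linux.

# True (exit 0) if a `uname -r` style string is at or above one of the fixed
# upstream releases. Distro kernels carry backported fixes under older version
# numbers (AlmaLinux rebuilt its packages, for example), so "not fixed" here
# means "check the vendor advisory", not "confirmed vulnerable".
copyfail_kernel_fixed() {
    ver=${1%%-*}                         # drop "-generic", "-amzn2023.x86_64", ...
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" != "$rest" ] || patch=0   # "7.0" has no patch level
    patch=${patch%%[!0-9]*}              # "22+" -> "22"
    [ -n "$patch" ] || patch=0
    case "$major.$minor" in
        6.18) [ "$patch" -ge 22 ] ;;
        6.19) [ "$patch" -ge 12 ] ;;
        *)    [ "$major" -ge 7 ] ;;
    esac
}

# True if algif_aead is currently loaded. $1 overrides /proc/modules for tests.
copyfail_module_loaded() {
    grep -q '^algif_aead ' "${1:-/proc/modules}"
}

# True if algif_aead is compiled into the kernel. Then the modprobe/rmmod
# workaround cannot apply; only a patched kernel or seccomp helps.
# $1 overrides the modules.builtin path for tests.
copyfail_module_builtin() {
    grep -q 'algif_aead\.ko' "${1:-/lib/modules/$(uname -r)/modules.builtin}"
}

# CERT-EU workaround: make every load request for the module run /bin/false,
# then unload it if present. $1 = modprobe.d directory (default /etc/modprobe.d),
# $2 = module list (default /proc/modules). rmmod needs root and fails with
# EBUSY while any process holds an AF_ALG AEAD socket open.
copyfail_blacklist_algif_aead() {
    dir=${1:-/etc/modprobe.d}
    mods=${2:-/proc/modules}
    printf 'install algif_aead /bin/false\n' > "$dir/disable-algif.conf" || return 1
    if copyfail_module_loaded "$mods"; then
        rmmod algif_aead || return 2
    fi
    return 0
}

# Writes a minimal Docker/containerd seccomp profile to $1 that returns EPERM
# for socket(AF_ALG, ...) and allows everything else. Merge this rule into your
# existing default profile rather than replacing it, or you lose its other
# restrictions. On 32-bit x86 the multiplexed socketcall syscall would need the
# same treatment. Apply with: docker run --security-opt seccomp=<file> ...
copyfail_write_seccomp_profile() {
    cat > "$1" <<'EOF'
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": ["socket"],
      "action": "SCMP_ACT_ERRNO",
      "errnoRet": 1,
      "args": [
        { "index": 0, "value": 38, "op": "SCMP_CMP_EQ" }
      ]
    }
  ]
}
EOF
}

# Operator entry point: `sh copyfail.sh --run [modprobe.d dir]` (needs root).
if [ "${1:-}" = "--run" ]; then
    k=$(uname -r)
    if copyfail_kernel_fixed "$k"; then
        echo "kernel $k: at or above an upstream fixed release"
    else
        echo "kernel $k: not a known-fixed upstream release; check vendor advisory"
    fi
    if copyfail_module_builtin; then
        echo "algif_aead is built in: modprobe/rmmod workaround does not apply"
    elif copyfail_blacklist_algif_aead "${2:-/etc/modprobe.d}"; then
        echo "algif_aead blacklisted (and unloaded if it was loaded)"
    else
        echo "blacklist step failed (not root, or an AF_ALG socket is still open?)" >&2
    fi
fi
```

For Kubernetes the same profile file is referenced from the pod's securityContext with seccompProfile type Localhost and localhostProfile pointing at the file under the kubelet's seccomp directory; the blacklist functions take the modprobe.d directory and module list as parameters only so they can be exercised against temporary files without root.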

Multi-tenant containers on shared kernels are a P1 priority right now. Start migrating critical workloads to isolation runtimes such as Firecracker or Cloud Hypervisor (microVMs) or gVisor (a user-space kernel). Copy Fail proved that a bug hidden in the Linux kernel for 9 years can compromise an entire cloud infrastructure in 2026 with a simple Python script. This is a wake-up call not just to patch but to continuously audit exactly what is loaded on your systems and how long they will remain secure.

xploitzone

Exploring the world of cybersecurity through in-depth analysis of vulnerabilities, data breaches and emerging threats. Delivering real insights, technical breakdowns and bug bounty discoveries for security enthusiasts and researchers.
