Linux Kernel Local Privilege Escalation (CVE-2026-31431)
Posted on
May 8, 2026
Information Security Advisory
A recently disclosed vulnerability (CVE‑2026‑31431), commonly referred to as “Copy Fail”, affects the Linux kernel and may allow a local, unprivileged attacker to escalate privileges and gain full root access on affected systems. Severity level: CVSS Score: 7.8/High. Description: CVE‑2026‑31431 is a local privilege escalation vulnerability caused by a logic flaw in the Linux kernel’s cryptographic subsystem, specifically the algif_aead module within the AF_ALG interface. Due to improper handling of in‑place cryptographic operations, an unprivileged local user can perform a controlled write to the kernel’s page cache of readable files. The attack vector is local (AV:L) and requires low privileges with no user interaction. Affected Versions: Linux Kernel: All kernel versions released from August 2017 up to the availability of vendor patches.
Impacted Linux Distribution: Ubuntu (all supported releases prior to patched kernels). Debian. Red Hat Enterprise Linux (RHEL). Amazon Linux. SUSE Linux Enterprise. Fedora, Arch Linux, AlmaLinux, Rocky Linux, Oracle Linux
Impact: Successful exploitation may allow attackers to escalate from an unprivileged local user to full root access.
Resolution: Please update the Linux kernel to the fixed version released by the distribution vendor.
Mitigations: Where immediate patching is not possible: Disable or restrict access to the AF_ALG interface. Prevent loading of the vulnerable algif_aead module where supported. Limit local shell access and enforce least‑privilege controls.
Reference:
Information Security
Contact IT Client Services at askIT@yorku.ca or 416 736 5800
