A recently disclosed vulnerability (CVE‑2026‑31431), commonly referred to as “Copy Fail”, affects the Linux kernel and may allow a local, unprivileged attacker to escalate privileges and gain full root access on affected systems.
Severity level:
CVSS Score: 7.8/High.
Description:
CVE‑2026‑31431 is a local privilege escalation vulnerability caused by a logic flaw in the Linux kernel’s cryptographic subsystem, specifically the algif_aead module within the AF_ALG interface. Due to improper handling of in‑place cryptographic operations, an unprivileged local user can perform a controlled write to the kernel’s page cache of readable files. The attack vector is local (AV:L) and requires low privileges with no user interaction.
Affected Versions:
Linux kernel: all kernel versions released from August 2017 up to the availability of vendor patches.
Impacted Linux distributions:
- Ubuntu (all supported releases prior to patched kernels).
- Debian.
- Red Hat Enterprise Linux (RHEL).
- Amazon Linux.
- SUSE Linux Enterprise.
- Fedora, Arch Linux, AlmaLinux, Rocky Linux, Oracle Linux.
Impact:
Successful exploitation may allow attackers to escalate from an unprivileged local user to full root access.
Resolution:
Please update the Linux kernel to the fixed version released by the distribution vendor.
Mitigations:
Where immediate patching is not possible:
- Disable or restrict access to the AF_ALG interface.
- Prevent loading of the vulnerable algif_aead module where supported.
- Limit local shell access and enforce least‑privilege controls.
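The module-loading mitigation can be verified per host. The script below is an added example, not part of the original advisory or any vendor tooling; its function names are hypothetical and its sample files are constructed. It reports whether algif_aead is built into the kernel, currently loaded, or blocked by a modprobe.d rule.

```shell
#!/bin/sh
# Added example (not vendor code): is algif_aead loaded, built in, or blocked?
MODRE='algif[-_]aead'   # modprobe treats '-' and '_' as equivalent in names

# 0 if the module is listed in a /proc/modules-format file (name is field 1).
module_loaded() {
    awk '$1 == "algif_aead" { found = 1 } END { exit !found }' "$1"
}

# 0 if the module is compiled into the kernel (listed in modules.builtin).
module_builtin() {
    [ -f "$1" ] && grep -Eq "/${MODRE}\.ko\$" "$1"
}

# Print the strongest modprobe.d rule found in the given directories:
#   blocked         install algif_aead /bin/false (or /bin/true)
#   blacklist-only  blacklist only ignores the module's aliases; loading by name still works
#   none            no rule present
load_policy() {
    policy=none
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            if grep -Eq "^[[:space:]]*install[[:space:]]+${MODRE}[[:space:]]+/bin/(false|true)" "$f"; then
                policy=blocked
            elif [ "$policy" = none ] && grep -Eq "^[[:space:]]*blacklist[[:space:]]+${MODRE}([[:space:]]|\$)" "$f"; then
                policy=blacklist-only
            fi
        done
    done
    echo "$policy"
}

# args: <proc-modules file> <modules.builtin file> <modprobe.d dir>...
assess() {
    pm=$1; bi=$2; shift 2
    if module_builtin "$bi"; then echo "builtin: module rules have no effect"
    elif module_loaded "$pm"; then echo "loaded"
    else echo "not loaded, policy=$(load_policy "$@")"
    fi
}

# Constructed sample input (not from a real host).
t=$(mktemp -d)
printf 'af_alg 32768 0 - Live 0x0000000000000000\n' > "$t/modules"
printf 'install algif_aead /bin/false\n' > "$t/block.conf"
assess "$t/modules" "$t/modules.builtin" "$t"   # prints: not loaded, policy=blocked
rm -rf "$t"
# Live host: assess /proc/modules "/lib/modules/$(uname -r)/modules.builtin" /etc/modprobe.d /usr/lib/modprobe.d
```

A host reported as "loaded" stays exposed until the module is unloaded or the system is rebooted, because modprobe.d rules only affect future load requests.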
Reference:
UIT Information Security
