A 732-byte Python script. No race conditions. No recompilation. Just instant, reliable root access on almost every Linux machine released since 2017. Here is everything you need to know and do.
Some vulnerabilities are loud. They crash servers, flood logs, and set off every alarm in the room. Others are quiet – sitting patiently inside code that thousands of engineers have reviewed, waiting for someone to finally connect the dots.
Copy Fail is one of the quiet ones. It lived inside the Linux kernel for nine years. It needed no exotic setup, no timing tricks, no special permissions. When researchers finally found it, the exploit was almost embarrassingly straightforward: a short Python script that hands any local user the keys to the entire machine.
This is the full story of CVE-2026-31431 – where it came from, how it works, who is at risk, and what you need to do right now.
So, What Exactly Is Copy Fail?
Copy Fail is a local privilege escalation (LPE) vulnerability inside the Linux kernel’s authencesn cryptographic template. Researcher Taeyang Lee at security firm Theori discovered it, and the Xint Code Research Team – using AI-assisted analysis – built the complete exploit chain that followed.
⚠ At a GlanceCVE: CVE-2026-31431 · Severity: High – CVSS 7.8 · Introduced: Linux kernel 4.14, 2017 · Exploit: 732-byte Python script, zero privileges needed · Outcome: Deterministic root shell on virtually every major distribution
The word deterministic – producing the same outcome every time, with no randomness – is the detail that sets this apart. Most privilege escalation bugs require winning a race condition, getting lucky with memory layout, or guessing version-specific offsets. Copy Fail needs none of that. Run the script. Get root. Every single time.
How Does It Actually Work?
Three separate, collectively reasonable law changes made in 2011, 2015, and 2017 – gathered into commodity dangerous that nothing noticed for nearly a decade. Then the short interpretation:
The Page Cache
When Linux reads a train, it caches it in memory. Every process on the system including holders shares this cache. When the kernel runs a program, it reads from this cache. Modify a page cache entry without touching the disk and the kernel will execute your modified version, because it trusts its own memory.
splice() + AF_ALG
Linux lets druggies push data through a cryptographic socket interface called AF_ALG. When paired with the splice() system call, data moves directly from a train into a kernel crypto operation – without being copied through user space. That means live runner cache runners get handed to the kernel crypto subcaste by reference.
The 2017 Optimization That Broke Everything
A 2017 performance tweak in algif_aead.c set req->src = req->dst, making source and destination point to the same place. Reasonable in isolation. But with splice() involved, that source now contained live page cache pages — suddenly placed in a writable destination buffer. The authencesn algorithm then wrote 4 bytes past its declared boundary, directly into those page cache pages.
Three independent, reasonable code changes across 2011, 2015, and 2017 converged to create this exploitable condition, with nobody connecting their intersection for nearly a decade.
The attacker then runs a setuid binary like /usr/bin/su. The kernel loads the corrupted in-memory version and hands over a root shell. The on-disk file is untouched, so file integrity checkers see nothing wrong. The attack is forensically stealthy – leaving almost no evidence behind.
Read More: How to Use Claude Code for Free (VS Code, Ollama & Terminal)
How It Compares to Dirty Cow and Dirty Pipe
| Vulnerability | CVE | Race Condition? | Deterministic? | Complexity |
|---|---|---|---|---|
| Dirty Cow | CVE-2016-5195 | Yes | No | Complex C binary |
| Dirty Pipe | CVE-2022-0847 | Partial | Partial | Moderate |
| Copy Fail | CVE-2026-31431 | None | Yes | 732-byte Python |
Who Is Affected?
Any Linux system running kernel 4.14 or latterly is potentially vulnerable which covers nearly every major distribution packed since late 2017. Experimenters verified root shells on Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.3, and SUSE 16 using the same unmodified script.
The vulnerability is not remotely exploitable on its own – a local foothold is required first. But it is of immediate concern anywhere multiple users share a system: university servers, CI/CD runners executing untrusted code, shared hosting environments. Chained with a web application exploit or an SSH compromise, it becomes a fast and reliable escalation path from initial access to full ownership.
It also works as a Kubernetes container escape. Because the page cache is shared across container boundaries on the same host, a compromised container can corrupt binaries visible to other containers and to the host kernel itself.
A Second Linux Threat Hit the Same Week
⚡ Also Disclosed — Pack2TheRoot
CVE-2026-41651 · CVSS 8.1 · Unprivileged users can install arbitrary root-level packages without authentication, via a race condition in PackageKit. Likely present for 14 years. Fixed in PackageKit 1.3.5.
Pack2TheRoot is a TOCTOU (time-of-check time-of-use) race condition inside PackageKit – the package management layer used by most Linux desktops. The gap between when an authorization is checked and when it is acted upon can be exploited to install any RPM package, including its install scripts, running as root – no password required.
Unlike Copy Fail, Pack2TheRoot leaves a trace the Package Kit daemon crashes after exploitation, which shows up in system logs. It’s fixed in interpretation 1.3.5. still, check them first – Package Kit is a Cockpit reliance, If your waiters run Cockpit.
What You Should Do Right Now
- Update your kernel
Apply your distribution’s security update immediately. Debian, Ubuntu, SUSE, and Fedora already have patched kernels available. Red Hat updates are rolling out. Reboot after patching.
- Can’t reboot yet? Disable the module now
This blocks the attack surface without a reboot:
# Block the module from loading echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf # Remove it from the running kernel rmmod algif_aead 2>/dev/null- Update PackageKit
Upgrade to version 1.3.5 or apply your distro’s security update. Prioritize servers running Cockpit.
- Audit containers and CI pipelines
Treat any compromised container as a potential host escape until all Kubernetes nodes are patched. Review who holds local shell access on every shared system.
Read More: Build a Mobile App Without Coding in 2026 (Using Replit)
The Bottom Line
Copy Fail is not a story about careless code. Each change that contributed to it was reasonable in isolation. It is a story about the inherent complexity of a kernel built over decades – and about the accelerating role AI now plays in making that complexity navigable for both defenders and attackers.
The same AI-assisted tools that found Copy Fail are shortening the gap between disclosure and active exploitation. The timeline here – private report on March 23, public exploit on April 29 – gives administrators just 37 days before anyone in the world can root their systems with a small Python script.
The patch is available. The exploit is public. Patch your kernel today.
