Copy Fail is a critical Linux kernel privilege escalation vulnerability affecting all mainstream distributions from 2017 to present. It requires only an unprivileged local user account and the default-enabled kernel crypto API (AF_ALG) to escalate to root. Risk is critical in multi-tenant systems, Kubernetes clusters, CI runners, and cloud SaaS environments.
Infrastructure
Copy Fail — 732 Bytes to Root
Copy Fail, a critical Linux kernel privilege escalation affecting all major distros since 2017, lets unprivileged users reach root via the default-enabled AF_ALG crypto API—hitting multi-tenant systems, Kubernetes, and cloud SaaS especially hard.
Thursday, April 30, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
infrastructure
/// RELATED
Safety5d ago
Linux cryptographic code flaw offers fast route to root
CVE-2026-31431 ('Copy Fail') exposes a critical Linux kernel cryptographic flaw exploitable with just 10 lines of code, affecting virtually all distributions since 2017 and enabling container escapes.
Safety5d ago
Copy Fail: 732 Bytes to Root on Every Major Linux Distributions
CVE-2026-31431 (Copy Fail) enables unprivileged users to achieve root access across all major Linux distributions via a 732-byte exploit script targeting kernel page cache corruption present since 2017.