A critical privilege escalation vulnerability called "Copy Fail" (CVE-2026-31431) affects nearly all Linux distributions released since 2017, allowing unprivileged users to gain admin access through a simple, distribution-agnostic Python exploit. Theori security researchers discovered it using Xint Code AI's automated scanning; the vulnerability exploits page-cache corruption in the kernel's crypto subsystem, making it invisible to standard monitoring tools like AIDE and Tripwire. A patch was merged into the mainline Linux kernel on April 1st, but disclosure preceded distribution-wide patching.
Safety
Severe Linux Copy Fail security flaw uncovered using AI scanning help
AI-powered security scanning uncovered Copy Fail, a critical privilege escalation flaw affecting all Linux distributions since 2017 through kernel page-cache corruption in the crypto subsystem.
Friday, May 1, 2026 12:00 PM UTC2 MIN READSOURCE: The VergeBY sys://pipeline
Tags
safety
/// RELATED
Safety5d ago
Copy Fail: 732 Bytes to Root on Every Major Linux Distributions
CVE-2026-31431 (Copy Fail) enables unprivileged users to achieve root access across all major Linux distributions via a 732-byte exploit script targeting kernel page cache corruption present since 2017.
Policy4d ago
For Linux kernel vulnerabilities, there is no heads-up to distributions
Critical Linux kernel LPE (CopyFail) disclosed without advance notice to distributions, breaking the standard coordinated vulnerability disclosure process for patch planning.