## https://sploitus.com/exploit?id=24559EF1-6781-5E0C-AD45-223357F8D558
# CVE-2026-31431 Checker & Mitigator
A simple, safe vulnerability scanner and mitigation tool for **CVE-2026-31431** (aka "Copy Fail"), a local privilege escalation vulnerability in the Linux kernel's AF_ALG cryptographic interface.
## About the Vulnerability
- **CVE**: CVE-2026-31431
- **Severity**: High (Local Privilege Escalation to root)
- **Affected**: Most Linux kernels with `algif_aead` enabled (since ~2017)
- **Exploit**: Abuses `AF_ALG` + `splice()` to corrupt page cache of setuid binaries (e.g. `/usr/bin/su`)
## Features
- โ Detects if your system is likely vulnerable
- โ Safe vulnerability scanning (no system damage)
- โ One-click mitigation (disables vulnerable module)
- โ Optional PoC execution (for testing in isolated environments only)
- โ Easy to use
## Requirements
- Python 3.6+
- Linux system
- Root privileges recommended for mitigation
## Installation
```bash
# Clone or download the script
git clone https://github.com/yourusername/cve-2026-31431-checker.git
cd cve-2026-31431-checker
# Make executable
chmod +x cve-2026-31431-checker.py
```
## Usage
```bash
sudo ./cve-2026-31431-checker.py
```
### Menu Options
1. **Run PoC** โ Executes the full exploit (DANGEROUS โ only use in VMs/test systems!)
2. **Apply Mitigation** โ Disables the vulnerable `algif_aead` module
3. **Exit**
## Recommended Mitigation (Manual)
```bash
# Quick mitigation (no reboot required in most cases)
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif.conf
sudo rmmod algif_aead 2>/dev/null || true
```
For systems where the module is built-in, add to kernel command line:
```
initcall_blacklist=algif_aead_init
```
## Best Fix
**Update your kernel** to a version containing the official patch from your distribution.
## Warning
- Never run the PoC on production systems.
- The PoC can corrupt files if it fails.
- Use only for authorized security testing.
## Disclaimer
This tool is provided for defensive and educational purposes only. The author is not responsible for any damage caused by misuse of the PoC.
### Author
`w01f`
### REF
- https://nvd.nist.gov/vuln/detail/CVE-2026-31431
- https://github.com/JuanBindez/CVE-2026-31431/tree/main