Share
## https://sploitus.com/exploit?id=36238032-9B34-5B9D-B4A5-9C0F8B7D9348
# CVE-2026-31431 - Linux Kernel AF_ALG "Copy Fail" Local Privilege Escalation

An automated Metasploit Post-Exploitation module that leverages **CVE-2026-31431** (popularly known as **"Copy Fail"**) to perform Local Privilege Escalation (LPE) on vulnerable Linux kernels (versions 4.14 through 6.19.12).

## Description

The module exploits a logic flaw within the Linux kernel’s cryptographic subsystem (`algif_aead` module of the `AF_ALG` interface). Due to an improper in-place memory optimization, an unprivileged local user can use the `splice()` system call to map a read-only system binary (such as `/usr/bin/su` or `/usr/bin/sudo`) into an AF_ALG socket and perform a controlled 4-byte overwrite directly in the system's shared **Page Cache** (RAM). 

By corrupting specific privilege-checking instructions of a setuid binary in memory, the module successfully bypasses access controls and drops into a root shell upon execution, without modifying the physical file on disk.

## Features
- **Deterministic Exploitation:** Logic-based flaw; does not rely on unstable race conditions.
- **Session Support:** Fully compatible with both standard POSIX `shell` and `meterpreter` sessions.
- **Automated Cleanup:** Automatically tracks and deletes uploaded payload files using the Metasploit framework's native `register_file_for_cleanup` functionality.

## Installation

You can install this module automatically using the provided installation script, or manually by copying the module structure:

```bash
git clone [https://github.com/adityasingh108/CVE-2026-31431-Metasploit.git](https://github.com/YOUR_USERNAME/CVE-2026-31431-Metasploit.git)
cd CVE-2026-31431-Metasploit-exploit
chmod +x install.sh
./install.sh