## https://sploitus.com/exploit?id=447079EE-EF63-5507-A550-D0EB7BD90D37
# CVE-2026-31431 (Copy Fail) Detection Tool
A comprehensive detection and analysis tool for CVE-2026-31431 "Copy Fail" vulnerability in Linux kernels.
## โ ๏ธ IMPORTANT DISCLAIMER
**This tool is for DETECTION ONLY. It does not exploit or modify any system files.**
- Only reads system information and configuration files
- Does not write to `/etc/passwd`, `/usr/bin/su`, or any system binaries
- Does not perform actual exploitation attempts
- Use only on systems you own and have permission to test
**This tool may produce false positives or false negatives.** Always use the [official detector](https://github.com/sibersan/cve-2026-31431-checker
) for definitive verification.
## About CVE-2026-31431
CVE-2026-31431 "Copy Fail" is a critical Linux kernel vulnerability discovered by Taeyang Lee from Theori and analyzed by Xint Code Research. It affects most Linux distributions since 2017 and allows unprivileged local users to escalate privileges to root.
**CVSS Score:** 7.8 (High)
**Affected:** Linux kernels 4.13+ (August 2017) until April 2026 patches
## What This Tool Does
1. **System Analysis**: Collects kernel version, distribution, and architecture info
2. **Module Status Check**: Verifies if `algif_aead` module is loaded and mitigated
3. **AF_ALG Reachability Test**: Tests if vulnerable interfaces are accessible (non-destructive)
4. **Patch Verification**: Analyzes kernel build dates and mitigation configurations
5. **Guidance**: Provides instructions for running the official detector
## Installation & Usage
```bash
# Download
git clone https://github.com/sibersan/cve-2026-31431-checker
cd cve-2026-31431-checker
# Run (no root required, but sudo recommended for complete checks)
python3 cve_2026_31431_checker.py
```
**Requirements**: Python 3.6+ on Linux
## Sample Output
```
CVE-2026-31431 (Copy Fail) Detection Tool
Version 1.0.0 | 2026-05-01 | Developed by: SiberSAN
Detection only โ does not write to system files.
โโ System Information โโ
โข Hostname : webserver-01
โข Distro : Ubuntu 22.04.5 LTS
โข Kernel : 5.15.0-119-generic (x86_64)
โโ SUMMARY REPORT โโ
Target : webserver-01 (Ubuntu 22.04.5 LTS)
Kernel : 5.15.0-119-generic
Date : 2026-05-01T14:30:00
Tool : v1.0.0 โ SiberSAN
Result : VULNERABLE / AT RISK
- AF_ALG authencesn interface reachable
- Uncertain about kernel patch status
```
## Official Sources & Credits
This tool is based on research and guidance from:
- **Vulnerability Research**: [Theori/Xint Code](https://xint.io/blog/copy-fail-linux-distributions)
- **Official Detector**: [rootsecdev/cve_2026_31431](https://github.com/rootsecdev/cve_2026_31431)
- **CERT-EU Advisory**: [2026-005](https://cert.europa.eu/publications/security-advisories/2026-005/)
- **Ubuntu Security**: [Copy Fail Advisory](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available)
**Credit**: CVE-2026-31431 was discovered by Taeyang Lee from Theori and analyzed by the Xint Code Research team.
## Mitigation (If Vulnerable)
If the tool reports "VULNERABLE", apply immediate mitigation:
```bash
# Disable the vulnerable module
echo -e 'blacklist algif_aead\ninstall algif_aead /bin/false' \
| sudo tee /etc/modprobe.d/cve-2026-31431.conf
sudo rmmod algif_aead 2>/dev/null
# For RHEL/Enterprise kernels (if module is built-in)
sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
sudo reboot
```
Then update your kernel to the latest patched version.
## Definitive Verification
Always use the official detector for final verification:
```bash
git clone https://github.com/sibersan/cve-2026-31431-checker
cd cve_2026_31431
python3 test_cve_2026_31431.py
```
**Exit codes**: 0 = not vulnerable, 2 = vulnerable, 1 = test error
## License
MIT License - see [LICENSE](LICENSE) file for details.
## Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/improvement`)
3. Commit changes (`git commit -am 'Add improvement'`)
4. Push to branch (`git push origin feature/improvement`)
5. Create Pull Request
## Support
- Check [Issues](https://github.com/sibersan/cve-2026-31431-checker/issues) for known problems
- Always verify results with the official detector
- For vulnerability questions, refer to the [original research](https://xint.io/blog/copy-fail-linux-distributions)
---
**Developed by SiberSAN** | **Detection Tool Only โ Not an Exploit**