Share
## https://sploitus.com/exploit?id=9A7338FA-DD5B-52AA-9758-E900964564CC
# Copy Fail (CVE-2026-31431) - Vulnerability Checker

Conceptual validation script for CVE-2026-31431 "Copy Fail" โ€” a Linux kernel local privilege escalation via `algif_aead` page-cache write.

## Vulnerability

CVE-2026-31431 is a logic bug in the Linux kernel's `authencesn` AEAD template. When combined with `AF_ALG` and `splice()`, it allows an unprivileged local user to perform a controlled 4-byte write into the page cache of any readable file. A 732-byte Python script can obtain root on every major Linux distribution shipped since 2017.

## Full Article



## Usage

This script **checks vulnerability status only**. It does NOT exploit the vulnerability.

```bash
python3 cve_2026_31431_check.py
```

For the real PoC, see: 

## Requirements

- Python 3.10+ (for `os.splice`)
- Linux kernel with `AF_ALG` support
- Unprivileged user account

## Disclaimer

This tool is provided for **educational and authorized security research purposes only**. You may only run it on systems you own or have explicit written authorization to test. Unauthorized use is illegal and unethical. Hunt-Benito Limited accepts no liability for misuse.