Share
## https://sploitus.com/exploit?id=D98D126C-CD0E-5C31-8484-9527EE974E28
# CVE-2026-31431 โ€” Copy Fail

**Severity:** Critical  
**CVSS v3.1:** 9.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)  
**Status:** Public Exploit Available  

---

## Summary

CVE-2026-31431 ("Copy Fail") is a local privilege escalation vulnerability in the Linux kernel cryptographic subsystem.

Any unprivileged user can escalate to **root within seconds** using a minimal Python script (~732 bytes), affecting most Linux systems compiled after 2017.

---

## Impact

- Full system compromise (root access)
- Cross-container / cross-tenant breakout
- No disk artifacts (memory-resident execution)
- Difficult to detect using FIM/SIEM

---

## Affected Systems

- Linux kernel builds including `CONFIG_CRYPTO_USER_API_AEAD`
- Most distributions compiled after 2017

---

## Mitigation

๐Ÿ‘‰ See: [docs/mitigation.md](docs/mitigation.md)

---

## Technical Details

๐Ÿ‘‰ See: [docs/technical-analysis.md](docs/technical-analysis.md)

---

## Detection

๐Ÿ‘‰ See: [ioc/detection-rules.md](ioc/detection-rules.md)

---

## References

- copy.fail  
- Sysdig TRT  
- Bugcrowd  
- CloudLinux Security Blog  

---

## Disclaimer

Do not run exploit code in production systems.