Share
## https://sploitus.com/exploit?id=F374BC37-7FCF-565A-93FF-414B61A6CDC4
This is a public Proof-of-Concept (PoC) for CVE-2026-31431 ("Copy Fail"), a Linux kernel local privilege escalation vulnerability (CVSS 7.8) affecting most major distributions since ~2017. It corrupts the page cache of a setuid binary (like /usr/bin/su) using the kernel's AF_ALG crypto API + splice(), allowing unprivileged users to gain root.
โš ๏ธ DANGER WARNING

This modifies the in-memory page cache of /usr/bin/su (not the on-disk file).
Running it on a production system can break su, leave a backdoored binary in cache, or trigger security alerts.
Test only in a disposable VM. Reinstall the affected package afterward (e.g. apt reinstall sudo or equivalent).
Many distros have released patches; check your kernel and update.

# CVE-2026-31431 "Copy Fail" PoC

**Educational Proof of Concept** for the Linux kernel vulnerability CVE-2026-31431.

## โš ๏ธ IMPORTANT DISCLAIMER

**This repository is for educational, research, and defensive security purposes only.**

- This code demonstrates a **critical local privilege escalation** vulnerability.
- **Do not run this on any production system**, shared environment, or machine you do not own and control.
- Running this code will **modify the page cache** of `/usr/bin/su` (or another setuid binary). It can break system tools and leave a modified binary in memory.
- The authors and contributors are **not responsible** for any damage, data loss, system instability, or legal consequences caused by the use or misuse of this code.
- Use **exclusively in isolated virtual machines** for testing and research.
- After testing, reinstall affected packages (e.g. `sudo`, `util-linux`) to restore clean binaries.

### Legal & Ethical Notice
- This PoC is released in accordance with responsible disclosure practices after vendor patches became available.
- Unauthorized use on systems you do not own is illegal and violates computer misuse laws in most jurisdictions.
- By using this code you agree that you are doing so **at your own risk**.

## Mitigation
- Update your kernel to a patched version.
- Temporary workaround: `echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf`

---

**This is NOT a weaponized tool. Stay ethical.**