Share
## https://sploitus.com/exploit?id=F523158B-BD4C-55BE-A936-3E953197DB34
# Description of the Vulnerability CVE-2026-31431  
**CVE ID**: CVE-2026-31431  
**Nickname**: Copy Fail  
**Vulnerability Level**: High (CVSS score: 7.8)  
**Type of Vulnerability**: Local privilege escalation (LPE)  
**Affected Component**: The algif_aead module of the Linux kernel (AF_ALG encryption interface)  
**Condition for Exploitation**: An attacker only needs to have execution privileges as a regular user on the target system (even in a restricted container). No special capabilities or user interactions are required.  
**Scope of Impact**:  
* Red Hat-based distributions: Red Hat Enterprise Linux 8/9/10, CentOS, AlmaLinux, Rocky Linux, etc.  
* Debian-based distributions: Ubuntu 20.04/22.04/24.04 LTS, etc. (Note: Ubuntu 26.04 and later versions are not affected.)  
* Other distributions: SUSE Linux Enterprise 16, Amazon Linux 2023, Fedora, Arch Linux, etc.  

# How to Trigger the Vulnerability  
> Check whether the service is enabled.  
> 
> `lsmod | grep algif_aead`  
> 
> If the service is not enabled, manually enable it.  
> 
> `sudo modprobe algif_aead`  

## Triggering Environment 1  
**Environment**: Linux, song 6.8.0-110-generic #110~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC  
Date: Fri Mar 27 12:43:08 UTC  
Architecture: x86_64, x86_64, x86_64  
OS: GNU/Linux  

## Triggering Environment 2  
**Environment**: Linux, ubuntu-linux-2404 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC  
Date: Thu Mar 19 17:16:23 UTC 2026  
Architecture: aarch64, aarch64, aarch64  
OS: GNU/Linux