## https://sploitus.com/exploit?id=F523158B-BD4C-55BE-A936-3E953197DB34
# Description of the Vulnerability CVE-2026-31431
**CVE ID**: CVE-2026-31431
**Nickname**: Copy Fail
**Vulnerability Level**: High (CVSS score: 7.8)
**Type of Vulnerability**: Local privilege escalation (LPE)
**Affected Component**: The algif_aead module of the Linux kernel (AF_ALG encryption interface)
**Condition for Exploitation**: An attacker only needs to have execution privileges as a regular user on the target system (even in a restricted container). No special capabilities or user interactions are required.
**Scope of Impact**:
* Red Hat-based distributions: Red Hat Enterprise Linux 8/9/10, CentOS, AlmaLinux, Rocky Linux, etc.
* Debian-based distributions: Ubuntu 20.04/22.04/24.04 LTS, etc. (Note: Ubuntu 26.04 and later versions are not affected.)
* Other distributions: SUSE Linux Enterprise 16, Amazon Linux 2023, Fedora, Arch Linux, etc.
# How to Trigger the Vulnerability
> Check whether the service is enabled.
>
> `lsmod | grep algif_aead`
>
> If the service is not enabled, manually enable it.
>
> `sudo modprobe algif_aead`
## Triggering Environment 1
**Environment**: Linux, song 6.8.0-110-generic #110~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC
Date: Fri Mar 27 12:43:08 UTC
Architecture: x86_64, x86_64, x86_64
OS: GNU/Linux
## Triggering Environment 2
**Environment**: Linux, ubuntu-linux-2404 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC
Date: Thu Mar 19 17:16:23 UTC 2026
Architecture: aarch64, aarch64, aarch64
OS: GNU/Linux