Share
## https://sploitus.com/exploit?id=F55719A2-6372-5768-9FB8-72F27C0FE545
# copyfailRecurrence  
# Copy Fail (CVE-2026-31431) – Kernel Vulnerability Replay Environment  

>This project provides a complete environment for reproducing and debugging kernel vulnerabilities, specifically related to Copy Fail (CVE-2026-31431). It supports dynamic debugging using QEMU + GDB. ---  

# πŸ“Œ Vulnerability Overview  
Copy Fail (CVE-2026-31431) is a local privilege escalation vulnerability in the Linux kernel:  
- Affected versions: Linux 4.14 to 6.18 (before fixes)  
- Exploitation method: From ordinary user to root  
- Type: Logical vulnerability (not a race condition)  
- Module affected: `algif_aead` (AF_ALG interface)`  

---  

# 🧠 Why Choose 6.6.1?  
This project uses Linux **6.6.1**:  
- βœ” Part of the 6.6 LTS branch  
- βœ” Within the scope of the vulnerability’s impact  
- βœ” Has the fewest patches, resulting in faster compilation times  
- βœ” Cleanest debugging paths  

Linux 6.6.1 is an early stable version of the 6.6 series, officially released and maintained by the community. :contentReference[oaicite:0]{index=0}  

---  

# 🧰 I. Environmental Requirements  
Recommended:  
- Ubuntu 20.04 / 22.04 / 24.04 (physical or virtual machine)  
- x86_64 CPU  
- KVM support  

Check availability of `/dev/kvm`:  
```bash
ls /dev/kvm
```  

---  

# πŸ“¦ II. Install Dependencies  
```bash
sudo apt update  
sudo apt install -y build-essential flex bison libncurses-dev libssl-dev libelf-dev qemu-system-x86 qemu-utils wget cpio gdb curl  
```  

---  

# πŸ“ III. Working Directory  
```bash
mkdir -p ~/copyfail-lab  
cd ~/copyfail-lab  
```  

---  

# πŸ“₯ IV. Download Kernel Source Code from Two Sources  
## 🌍 Official Source (Recommended)  
```bash
wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.1.tar.xz  
```  
## πŸ‡¨πŸ‡³ Tuna Mirror (Faster in China)  
```bash
wget https://mirrors.tuna.tsinghua.edu.cn/kernel/v6.x/linux-6.6.1.tar.xz  
```  
---  

## Unzip the File  
```bash
tar -xf linux-6.6.1.tar.xz  
cd linux-6.6.1  
```  

---  

# βš™οΈ V. Configure the Kernel  
```bash
make defconfig  
make menuconfig  
```  

---  

## Features to Enable:  
| Feature        | Options                          |
|---------------|-------------------------------|
| initramfs     | `CONFIG_BLK_DEV_INITRD=y`     |
| RAM Disk      | `CONFIG_BLK_DEV_RAM=y`       |
| devtmpfs      | `CONFIG_DEVTMPFS=y`           |
| Debug Symbols   | `CONFIG_DEBUG_INFO=y`         |
| Vulnerability Module | `CONFIG_CRYPTO_USER_API_AEAD=y` |
| User Interface | `CONFIG_CRYPTO_USER_API=y`      |  

---  

## Features to Disable:  
```bash
CONFIG_RANDOMIZE_BASE=n  
```  

Or during runtime:  
```bash
nokaslr  
```  

---  

# πŸ”§ VI. Compile the Kernel  
```bash
make olddefconfig  
make -j$(nproc)  
```  

---  

## Output Files:  
* `vmlinux` (for GDB use)  
* `bzImage` (for QEMU booting)  

---  

# πŸ“¦ VII. Build the Rootfs (BusyBox)  
## Download  
```bash
cd ~/copyfail-lab  
wget https://busybox.net/downloads/busybox-1.37.0.tar.bz2  
tar -xf busybox-1.37.0.tar.bz2  
cd busybox-1.37.0  
make menuconfig  
```  

## Compile  
```bash
make -j$(nproc)  
make install  
```  

---  

## Initialize the Rootfs  
```bash
cd _install  
mkdir -p proc sys dev etc/init.d  
ln -sf bin/busybox init  
```  

---  

## Device Nodes  
```bash
sudo mknod -m 666 dev/console c 5 1  
sudo mknod -m 666 dev/null c 1 3  
```  

---  

## Boot Script  
```bash
cat > etc/init.d/rcS rootfs.cpio.gz  
```  

---  

# πŸš€ VIII. Start QEMU  
## Create Script  
```bash
cd ~/copyfail-lab/linux-6.6.1  
cat > run.sh busybox  
chmod 600 run.sh  
```  

---  

## Issues with GDB Breakpoints  
Solution:  
```gdb
hbreak  
```  

---  

## Slow Compilation  
Optimization tips:  
- Use `-j$(nproc)`  
- Simplify configuration  
- Disable DEBUG_INFO if not debugging