On April 29, 2026, security firm Theori publicly disclosed CVE-2026-31431, a local privilege escalation vulnerability in the Linux kernel they named Copy Fail. A 732-byte Python script can get you root on essentially every major Linux distribution shipped since 2017. No race conditions. No kernel offsets. No retries. Straight-line deterministic code.
If you run Linux in production, you need to patch or mitigate this now.
What it is
Copy Fail is a logic bug in the Linux kernel's algif_aead module, the AEAD socket interface of the kernel's userspace crypto API (AF_ALG). The flaw lets an unprivileged local user trigger a controlled 4-byte write into the page cache of any readable file on the system.
The page cache is the kernel's in-memory copy of file contents. When you run /usr/bin/su, the kernel doesn't read from disk every time. It reads from the cached copy in memory. Copy Fail lets you write to that cached copy, even for files you don't have write permission on.
Target a setuid binary. Overwrite 4 bytes of code. Wait for any privileged process to execute it. Root shell.
The root cause
In 2017, commit 72548b093ee3 introduced an in-place optimization to the authencesn cryptographic template. The optimization allowed page-cache pages to be placed into a writable destination scatterlist.
The authencesn(hmac(sha256),cbc(aes)) algorithm writes four bytes at offset assoclen + cryptlen as scratch space for Extended Sequence Number rearrangement. Because of the 2017 change, when you chain an AF_ALG socket operation with splice(), the output scatterlist extends into chained page-cache pages. That four-byte write ends up inside the spliced file's cached data in memory, bypassing file permissions entirely.
The bug sat in the kernel for nine years before disclosure.
Why this is severe
Most kernel privilege escalation bugs require winning a race condition, spraying memory, or knowing specific kernel offsets that vary by build. Copy Fail requires none of that. The exploit is deterministic. It works on the first try. The proof-of-concept is 732 bytes of Python.
CVSS score: 7.8. Local privilege escalation means any user with shell access, any compromised web app, any container escape attempt, any malicious package in your dependency tree can use this to go from unprivileged to root.
What's affected
Every mainstream Linux distribution shipping a kernel built between 2017 and April 2026. Ubuntu, Debian, RHEL, Amazon Linux, SUSE, AlmaLinux, Fedora, Arch. If you're running Linux in production, assume you're affected until you verify otherwise.
Cloud environments are particularly exposed. Microsoft's security team documented the risk across Azure workloads. Any multi-tenant system where users have shell access is a target.
Check if you're vulnerable
The vulnerable module is algif_aead. Check if it's loaded:
lsmod | grep algif_aead
If you see output, the module is loaded and you're potentially vulnerable. If you see nothing, the module isn't loaded, but it may still be available to load on demand.
Check your kernel version. The fix landed in mainline commit a664bf3d603d on April 1, 2026. Distributions began shipping patched kernels in late April and early May.
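The two checks above can be turned into one repeatable audit. The script below is an added example for this article, not Theori's proof of concept or any distribution's tooling. It reads /proc/modules instead of parsing lsmod output, looks for a loadable algif_aead.ko under /lib/modules/<release>/kernel/crypto (the usual distribution layout, assumed here), checks modules.builtin for a copy compiled into the kernel image, and scans /etc/modprobe.d for an install rule that neutralises the module. It deliberately prints the kernel release rather than comparing it against a threshold: distribution kernels backport the fix without changing the upstream version string, so only the vendor advisory tells you which build is fixed.

```python
#!/usr/bin/env python3
"""Audit a host for exposure to the algif_aead (Copy Fail) issue.

Added example for this article, not Theori's proof of concept or any
distribution's tooling. The parsing functions take text so they can be
checked offline; main() feeds them the live system's files.
"""
import glob
import os
import platform
import re
import sys

MODULE = "algif_aead"
MODPROBE_DIR = "/etc/modprobe.d"   # assumed standard modprobe.d location
MODULES_ROOT = "/lib/modules"      # assumed standard module tree


def module_loaded(proc_modules: str) -> bool:
    """True if the text of /proc/modules (or lsmod output) lists the module.
    Both formats put the module name first on each line."""
    return any(line.split()[0] == MODULE
               for line in proc_modules.splitlines() if line.strip())


def module_blocked(modprobe_conf: str) -> bool:
    """True if a modprobe.d fragment redirects loading of the module to
    /bin/true or /bin/false, as the mitigation in this article does.
    Comment lines are ignored."""
    rule = re.compile(r"^\s*install\s+" + re.escape(MODULE) + r"\s+/bin/(true|false)\s*$")
    return any(rule.match(line) for line in modprobe_conf.splitlines()
               if not line.lstrip().startswith("#"))


def module_on_disk(release: str, modules_root: str = MODULES_ROOT) -> bool:
    """True if a loadable algif_aead.ko* exists for this kernel release.
    lsmod can show nothing while the module is still one AF_ALG socket
    away from being loaded on demand."""
    pattern = os.path.join(modules_root, release, "kernel", "crypto", MODULE + ".ko*")
    return bool(glob.glob(pattern))


def module_builtin(modules_builtin: str) -> bool:
    """True if the text of modules.builtin lists the module, i.e. it is
    compiled into the kernel image and cannot be blacklisted at all."""
    return any(os.path.basename(line.strip()).startswith(MODULE + ".ko")
               for line in modules_builtin.splitlines())


def assess(loaded: bool, builtin: bool, on_disk: bool, blocked: bool) -> str:
    """Reduce the four facts to one verdict string."""
    if loaded:
        return "ACTIVE: algif_aead is loaded; exploitable unless this kernel carries the fix"
    if builtin:
        return "BUILT-IN: algif_aead cannot be disabled; only a fixed kernel build helps"
    if on_disk and not blocked:
        return "AT RISK: not loaded, but loadable on demand; patch or add an install rule"
    if on_disk:
        return "MITIGATED: module present but neutralised by a modprobe install rule"
    return "NOT PRESENT: no algif_aead module found for this kernel release"


def read(path: str) -> str:
    """Read a file as text, treating a missing or unreadable file as empty."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def main() -> int:
    release = platform.release()
    conf = "".join(read(p) for p in sorted(glob.glob(os.path.join(MODPROBE_DIR, "*.conf"))))
    builtin_list = read(os.path.join(MODULES_ROOT, release, "modules.builtin"))
    verdict = assess(
        module_loaded(read("/proc/modules")),
        module_builtin(builtin_list),
        module_on_disk(release),
        module_blocked(conf),
    )
    print(f"kernel {release}: {verdict}")
    print("note: a patched distribution kernel may keep an old version string; "
          "check your vendor's advisory for the exact fixed build")
    return 0 if verdict.startswith(("MITIGATED", "NOT PRESENT")) else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it as an unprivileged user on each host; the exit code is non-zero whenever the module is loaded, loadable, or built in, which makes it easy to fold into a fleet-wide inventory job.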
Mitigation
Option 1: Patch. Update to a kernel version released after April 2026. Most major distributions have patches available: Ubuntu, AlmaLinux, CloudLinux.
Option 2: Disable the module. If you can't patch immediately, disable algif_aead persistently:
echo "install algif_aead /bin/true" | sudo tee /etc/modprobe.d/disable-algif-aead.conf
sudo modprobe -r algif_aead
This prevents the module from loading. Some applications that use the kernel crypto API may break. Test before deploying to production.
Option 3: Container isolation. If you're running containers, ensure AF_ALG sockets are blocked via seccomp profiles. Most hardened container runtimes already do this, but verify your configuration.
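"Verify your configuration" for Option 3 means checking the seccomp profile your runtime actually applies, not assuming the default covers it. The script below is an added example for this article, not Docker's or runc's own tooling. It assumes the JSON layout Docker and runc use for seccomp profiles ("defaultAction", plus "syscalls" entries with "names", "action" and "args"), that AF_ALG is address family 38 as on Linux, and that libseccomp evaluates an argument-conditioned rule for socket() before an unconditional allow rule for the same syscall. The sample profile embedded in it is constructed for the example, not a copy of any runtime's default.

```python
#!/usr/bin/env python3
"""Check, and if needed extend, a Docker/runc seccomp profile so that
containers cannot open AF_ALG sockets, the entry point to algif_aead.

Added example for this article, not Docker's or runc's own tooling.
Assumes the Docker/runc seccomp JSON layout and that libseccomp gives
argument-conditioned rules precedence over an unconditional rule for
the same syscall.
"""
import copy
import json
import socket
import sys

AF_ALG = getattr(socket, "AF_ALG", 38)  # Linux address family 38 (kernel crypto API)
EAFNOSUPPORT = 97                       # errno handed back: "address family not supported"
DENY_ACTIONS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_THREAD",
                "SCMP_ACT_KILL_PROCESS", "SCMP_ACT_TRAP"}

# Constructed stand-in for a runtime profile: default deny, socket() allowed outright.
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "socket", "bind", "sendmsg"], "action": "SCMP_ACT_ALLOW"}
    ],
}


def rule_denies_af_alg(rule: dict) -> bool:
    """A 'syscalls' entry blocks AF_ALG if it names socket, carries a denying
    action, and compares argument 0 (the domain) equal to AF_ALG."""
    if "socket" not in rule.get("names", []) or rule.get("action") not in DENY_ACTIONS:
        return False
    return any(arg.get("index") == 0 and arg.get("op") == "SCMP_CMP_EQ"
               and arg.get("value") == AF_ALG
               for arg in rule.get("args") or [])


def profile_blocks_af_alg(profile: dict) -> bool:
    """True when socket(AF_ALG, ...) cannot succeed: either an explicit deny
    rule exists, or socket() is never allowed under a denying default."""
    rules = profile.get("syscalls", [])
    if any(rule_denies_af_alg(r) for r in rules):
        return True
    socket_allowed = any("socket" in r.get("names", []) and r.get("action") == "SCMP_ACT_ALLOW"
                         for r in rules)
    return not socket_allowed and profile.get("defaultAction") in DENY_ACTIONS


def add_af_alg_block(profile: dict) -> dict:
    """Return a copy of the profile with a deny rule for socket(AF_ALG, ...)
    placed first. The input dict is left untouched; an already-blocking
    profile is returned as an unchanged copy."""
    patched = copy.deepcopy(profile)
    if profile_blocks_af_alg(patched):
        return patched
    deny = {
        "names": ["socket"],
        "action": "SCMP_ACT_ERRNO",
        "errnoRet": EAFNOSUPPORT,
        "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}],
    }
    patched.setdefault("syscalls", []).insert(0, deny)
    return patched


def main(argv) -> int:
    """Usage: script.py [profile.json [hardened.json]]; with no arguments the
    constructed SAMPLE_PROFILE is checked."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            profile = json.load(fh)
    else:
        profile = SAMPLE_PROFILE
    if profile_blocks_af_alg(profile):
        print("profile already blocks AF_ALG sockets")
        return 0
    print("profile allows AF_ALG sockets; algif_aead is reachable from this container")
    patched = add_af_alg_block(profile)
    if len(argv) > 2:
        with open(argv[2], "w", encoding="utf-8") as fh:
            json.dump(patched, fh, indent=2)
        print(f"wrote hardened profile to {argv[2]}")
    else:
        print(json.dumps(patched["syscalls"][0], indent=2))
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Apply the hardened file with Docker's --security-opt seccomp=<file> option, then confirm from inside a container that opening an AF_ALG socket fails with "address family not supported" rather than succeeding. Returning EAFNOSUPPORT instead of the default EPERM keeps well-behaved software on its userspace-crypto fallback path rather than treating the failure as a permissions error.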
What this tells us
A nine-year-old optimization introduced a logic bug that gives any local user root. No memory corruption. No race condition. Just a missed invariant in how scatter-gather lists were assembled.
The kernel crypto API is not a common attack surface. Most security research focuses on syscalls, networking, and filesystems. This bug sat undiscovered because few people were looking at AF_ALG socket operations combined with splice().
If you haven't patched yet, do it today. If you can't patch, disable the module. If you're not sure whether your systems are affected, assume they are.