CVE-2026-31431

HIGH

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/22/2026Modified: 5/11/2026

Related Intelligence (17)

CRITICALVulnerability

New ‘Dirty Frag’ exploit targets Linux kernel for root access

A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistingu

CVE-2026-43284CVE-2026-43500
CSO Online
MEDIUMVulnerability

page_inject: CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer

[object Object]

CVE-2026-31431
r/blueteamsec
MEDIUMVulnerability

Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)

Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag, and discuss its relations

CVE-2026-31431
SANS ISC
HIGHVulnerability

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers

CVE-2026-31431
The Hacker News
LOWVulnerability

Dirty Frag and other issues in Amazon Linux kernels

<p><b>Bulletin ID:</b> 2026-027-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 2026/05/07 19:45 PM PDT</p> <p><b>Description:</b></p> <p>Amazon is aware of a class of issues in the Linux kernel related to the original issue (CVE-2026-31431). The issues commonly referred to as "DirtyFrag" are present in a number of loadable modules, in

CVE-2026-31431
AWS Security Bulletins
CRITICALVulnerability

Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years

Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42 .

CVE-2026-31431
Unit 42 (Palo Alto)
MEDIUMVulnerability

CVE-2026-31431:我用 DeepSeek 复现了 AI 发现Copy Fail 提权的全过程 - CVE-2026-31431: I used DeepSeek to reproduce the entire process of AI detecting Copy Fail privilege escalation.

[object Object]

CVE-2026-31431
r/blueteamsec
CRITICALVulnerability

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an

CVE-2026-31431
The Hacker News
MEDIUMVulnerability

How to block CVE-2026-31431 (Copy Fail)

[object Object]

CVE-2026-31431
r/blueteamsec
MEDIUMVulnerability

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog

[object Object]

CVE-2026-31431
r/cybersecurity
MEDIUMVulnerability

CVE-2026-31431 eBPF fix - Copy.fail

[object Object]

CVE-2026-31431
r/blueteamsec
MEDIUMVulnerability

CVE-2026-31431 (Copy Fail) PHP PoC

[object Object]

CVE-2026-31431
r/cybersecurity
LOWAi

Metasploit Wrap-Up 05/01/2026

MCP server This release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of it as a middleware layer that exposes 8 standardized tools for searching modules and pulling reconnaissance data, all bu

CVE-2026-31431
Rapid7
CRITICALSupply Chain

‘Trivial’ exploit can give attackers root access to Linux kernel

CSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017. Until fixes are available for what’s been dubbed the Copy Fail logic bug ( CVE-2026-31431 ), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich , dea

CVE-2026-31431CVE-2016-5195
CSO Online
HIGHVulnerability

CISA KEV: Linux Kernel — Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

CVE-2026-31431Linux Kernel
CISA KEV
MEDIUMVulnerability

CVE-2026-31431 (Copy Fail) detection toolkit — auditd, eBPF, Sigma, YARA

[object Object]

CVE-2026-31431
r/blueteamsec
LOWVulnerability

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux

CVE-2026-31431
The Hacker News

References (83)

https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130cPatchhttps://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fcPatchhttps://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667Patchhttps://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82Patchhttps://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875bPatchhttps://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5Patchhttps://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237Patchhttps://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8Patchhttp://www.openwall.com/lists/oss-security/2026/04/29/23ExploitMailing Listhttp://www.openwall.com/lists/oss-security/2026/04/29/25Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/29/26ExploitMailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/10Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/11Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/12Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/14Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/15Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/16Mailing ListPatchhttp://www.openwall.com/lists/oss-security/2026/04/30/17Mailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/18ExploitMailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/2Mailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/20Mailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/5ExploitMailing Listhttp://www.openwall.com/lists/oss-security/2026/04/30/6Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/10Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/12Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/15Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/16Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/17Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/18Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/2Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/22Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/23Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/24Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/01/3Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/14Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/15Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/16Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/17Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/18Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/19Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/20Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/21Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/23Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/24Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/25Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/4Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/5Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/6Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/7Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/02/8Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/10Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/12Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/13Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/3Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/4Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/5Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/03/6Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/1Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/10Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/11Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/12Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/13Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/14Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/2Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/24Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/27Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/28Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/29Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/31Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/8Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/04/9Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/06/5Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/07/12Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/07/2Mailing Listhttp://www.openwall.com/lists/oss-security/2026/05/08/13Mailing Listhttps://copy.failExploithttps://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170ExploitThird Party Advisoryhttps://www.kb.cert.org/vuls/id/260001Third Party Advisoryhttps://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigationThird Party Advisoryhttps://github.com/theori-io/copy-fail-CVE-2026-31431Exploithttps://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/Vendor Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431US Government Resourcehttps://xint.io/blog/copy-fail-linux-distributions#the-fix-6ExploitPatch