HIGH

Linux 'Copy Fail' CVE-2026-31431 Enables Root on All Major Distros Since 2017

· vulnerability · cve · privilege-escalation

CVE-2026-31431, dubbed “Copy Fail” by researchers at Xint.io and Theori, is a local privilege escalation flaw in the Linux kernel’s authencesn cryptographic template (CVSS 7.8). Introduced in 2017, it affects all major Linux distributions running kernels from that point forward. An unprivileged local user can write four controlled bytes into the page cache of any readable file to gain root. A working public exploit has been released.

The flaw is local-only: an attacker first needs existing code execution at low privilege. Nonetheless, the availability of a public exploit and the decade-long exposure make patching urgent. Apply kernel updates from your distribution vendor; most major distros have patches available or in progress.