New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
The Hacker News, Thursday, April 30th, 2026
A critical Linux kernel vulnerability (CVE-2026-31431) allows unprivileged users to gain root access on major distributions.
Cybersecurity researchers have disclosed CVE-2026-31431, a high-severity local privilege escalation vulnerability dubbed 'Copy Fail' that affects major Linux distributions including Amazon Linux, RHEL, SUSE, and Ubuntu.
The flaw stems from a logic error in the Linux kernel's algif_aead module introduced in August 2017, allowing an unprivileged local user to write controlled bytes into the page cache and obtain root access through a simple 732-byte Python script.
What makes this vulnerability particularly dangerous is that it is portable, requires no race conditions, works reliably across all Linux versions and distributions, and can bypass sandboxing and container isolation.
The vulnerability echoes Dirty Pipe (CVE-2022-0847) as another page-cache exploitation technique, and major Linux distributions have already released advisories to address the issue.