Copy Fail: The 732-Byte Script That Roots Every Major Linux System
OSTechNix, Thursday, April 30th, 2026
Copy Fail (CVE-2026-31431) is a critical Linux kernel vulnerability enabling reliable root access via a 732-byte exploit script.
Copy Fail (CVE-2026-31431) is a high-severity logic flaw in the Linux kernel affecting nearly every major Linux distribution released since 2017.
The vulnerability allows unprivileged users to gain root access through a tiny 732-byte Python script that exploits the page cache to corrupt in-memory versions of setuid binaries like /usr/bin/su.
The exploit is 100% reliable, requires no compiled payloads, and works unmodified across multiple architectures. The fix is available in Linux Kernel versions 6.18.22, 6.19.12, and 7.0, or users can temporarily disable the algif_aead module as a mitigation.