Copy Fail: Linux Kernel Zero-Day That Grants Root Across Distros
Security researchers disclosed Copy Fail, a Linux kernel zero-day (CVE-2026-31431) that lets any unprivileged local user gain root on major distros since 2017 by abusing AF_ALG sockets and splice() to corrupt in-memory page cache, leaving on-disk files unchanged; a 732-byte Python exploit reliably achieves root on tested systems (Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL, SUSE). A patch reverts algif_aead.c to stop the behavior; mitigations include updating kernels or disabling the algif_aead module, with public disclosure on April 29, 2026 and Kubernetes container escape implications.