Copy Fail exposes Linux to root by exploiting kernel crypto path
Security researchers disclosed Copy Fail (CVE-2026-31431), a Linux local privilege-escalation flaw in the algif_aead kernel module that lets an unprivileged user corrupt a page cache and elevate to root across major distributions since 2017. The issue is portable, cross-container, and can be triggered with a small Python script, prompting advisories from major distros. Exploitation is local (not remote) but remains highly dangerous due to its ease and wide impact.