
Linux Copy Fail flaw exploited to gain root across major distros, CISA warns
CISA warns that the Copy Fail vulnerability (CVE-2026-31431) in the Linux kernel’s algif_aead interface is being exploited to obtain root privileges on unpatched systems, with a PoC shown for Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. Patches are rolling out across major distros; CISA added the flaw to the Known Exploited Vulnerabilities catalog and urges prompt patching per vendor guidance under BOD 22-01, following earlier patches like Pack2TheRoot.



