9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

Offensive security research firm Theori discovered a bug in the Linux kernel that, surprisingly, has existed since 2017. The flaw, dubbed Copy Fail and tracked as CVE-2026-31431, allows a regular user to take total control of a computer system.

The Xint Code Research Team at Theori used their AI-powered code auditing tool to find this hidden error after an initial lead from researcher Taeyang Lee. The problem lies in how Linux handles security tasks within its cryptographic subsystem, specifically the algif_aead module.

A Tiny Script with Massive Impact

You need to know about the page cache to understand this flaw. A Page cache is a part of computer memory that stores bits of files so they can be read quickly without checking the storage drive every time. Copy Fail happens because of a mistake in authencesn tool, which uses a security method called the AEAD algorithm to lock data and ...