‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover

Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.

A high-severity logic bug in the Linux kernel allows unprivileged attackers to write code to other files’ memory and obtain root shell, cybersecurity firm Theori reports.

Tracked as CVE-2026-31431 (CVSS score of 7.8) and dubbed Copy Fail, the issue is believed to affect all Linux distributions since 2017.

The security defect impacts the kernel’s authencesn Authenticated Encryption with Associated Data (AEAD) template, which IPsec uses for Extended Sequence Number (ESN) support.

According to Theori, the issue is that Linux places page cache pages in a writable scatterlist, that authencesn uses the caller’s destination scatterlist as scratch space, and that a 2017 optimization put page cache pages in the writable scatterlist.

When performing byte rearrangement in the scratch space, authencesn makes a call that writes four bytes of code past the ...