Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of Scanning Mathew J. Schwartz (euroinfosec) • April 30, 2026

The Linux kernel needs to be patched to fix a vulnerability that exists in every distribution of the operating system created from 2017, onward. Successfully exploiting the flaw in the kernel's cryptography API would give an attacker root-level access to the operating system.

See Also: AI Agents Introduce a New Insider Threat Model

"An unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root," said researchers at offensive security firm Theori on Wednesday of the local privilege escalation flaw, CVE-2026-31431. They nicknamed it "Copy Fail."

"Most major distributions are shipping the fix now," they said. As a temporary mitigation, users can "disable the algif_aead module" to block the flaw from being exploited, although ...