A logic flaw in the Linux kernel’s cryptographic subsystem lets any unprivileged local user write to the page cache of privileged binaries – gaining root access without a race condition, without recompiling anything, and without crashing the system.
PoC publicly available
CISA KEV listed
4 May 2026
Bottom line
A public 732-byte Python exploit works reliably across Ubuntu, Amazon Linux, RHEL, and SUSE on every kernel shipped since 2017. If you run multi-tenant Linux – shared hosting, Kubernetes nodes, CI/CD runners – patch or apply the workaround now. This is already in CISA’s Known Exploited Vulnerabilities catalog.
What is this vulnerability?
Copy Fail is a logic flaw in algif_aead – the AEAD (authenticated encryption) socket interface that exposes kernel crypto operations to userspace via AF_ALG sockets. The bug was introduced in July 2017 with a commit that switched AEAD operations to process data in-place rather than copying it.
That in-place optimisation placed page cache pages into a writable scatterlist. The authencesn algorithm – used by IPsec for extended sequence number (ESN) support – writes four bytes of scratch data as part of its operation. Those four bytes land inside the page cache of whatever file was spliced into the socket, not into a safe scratch buffer.
The result: any unprivileged user can make a controlled, deterministic 4-byte write into the in-memory copy of any readable file on the system – including setuid root binaries like /usr/bin/sudo or /bin/su. Overwrite the right bytes, and the binary now runs attacker-controlled code as root.
How does the exploit work?
The published proof of concept is a 732-byte Python script using only the standard library. The technique chains three standard Linux syscalls:
Open an AF_ALG socket and configure it to use authencesn(hmac(sha256),cbc(aes))
Use splice() to feed page cache pages from a target setuid binary directly into the socket’s input scatterlist – no copy, pages are referenced in place
Trigger a decrypt operation – authencesn's scratch write goes into the now-chained page cache pages, overwriting bytes of the target binary in memory
Because there is no race condition and no timing window, the exploit succeeds on the first attempt every time. It requires Python 3.10+ for os.splice and no compiled code or external dependencies.
Comparison to prior kernel LPEs
Dirty Cow (CVE-2016-5195) needed a race condition and often required multiple attempts. Dirty Pipe (CVE-2022-0847) was version-specific and required precise pipe buffer manipulation. Copy Fail is a straight-line logic flaw – no races, no retries, no crashes, portable across distributions without modification.
Who is affected?
Any system running a Linux kernel between version 4.14 and the patched releases, where CONFIG_CRYPTO_USER_API_AEAD=y is set – which is the default on essentially all distributions. The regression was introduced in July 2017 and had been present for nearly nine years.
Attack vector: Local – requires code execution as an unprivileged user
Prerequisites: Any local unprivileged account – no special permissions, no sudo
User interaction: None required
While there is no standalone remote vector, this becomes critical when chained with common initial access techniques: SSH access with a low-privilege account, a web application RCE, a malicious CI/CD job, or a container foothold where the container shares the host kernel.
Patch and distribution status
As of 4 May 2026:
Patched
Ubuntu 26.04+
Arch Linux
Fedora
Patch pending – use workaround
Ubuntu 22.04 LTS
RHEL / AlmaLinux
Amazon Linux 2023
SUSE
Immediate mitigation – disable the module
CERT-EU and Ubuntu both recommend disabling algif_aead as an interim measure. This does not affect dm-crypt, LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH.
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
Important – RHEL/AlmaLinux/CloudLinux caveat
On RHEL-family distributions, algif_aead is built into the kernel, not as a loadable module. The modprobe.d workaround will appear to succeed but leaves the system unprotected. Only a patched kernel or live patch resolves this on those distributions. Check with your vendor for KernelCare or equivalent live patch availability.
You can check whether any process is currently using AF_ALG sockets before removing the module:
lsof | grep AF_ALG
If the module is in active use, a reboot after applying the config file will safely disable it, allowing applications to fall back to non-accelerated crypto.
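The two questions a practitioner has to answer before applying the workaround above are whether the host is in the affected kernel range and whether algif_aead is a loadable module or built in (the RHEL-family caveat). The following preflight script is an added example, not tooling from the advisory, CERT-EU, Ubuntu or any vendor. It takes the version ranges from the summary action list (4.14 – 6.18.21 and 6.19 – 6.19.11) and treats their end points as still affected, which is an assumption to confirm against your distro's security tracker; it classifies algif_aead from modules.builtin and the presence of algif_aead.ko, and maps the result onto the advisory's own recommendations.

```python
#!/usr/bin/env python3
"""Copy Fail (CVE-2026-31431) host preflight: is this kernel in the listed
affected range, and will the algif_aead modprobe.d workaround actually bite?

Added example, not the advisory's or any vendor's tooling. Version ranges are
copied from the advisory's action list and treated as inclusive (assumption:
confirm the exact fixed versions in your distro's security tracker)."""
import os
import platform
import re

# Ranges from the advisory's action list: 4.14 - 6.18.21 and 6.19 - 6.19.11.
AFFECTED_RANGES = (((4, 14, 0), (6, 18, 21)), ((6, 19, 0), (6, 19, 11)))


def parse_kernel_version(release):
    """'5.15.0-105-generic' -> (5, 15, 0); '6.19' -> (6, 19, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def kernel_in_affected_range(release):
    """True if the release falls inside one of the listed ranges. False means
    'not in the advisory's list', not 'known safe': newer kernels and distro
    kernels with heavy backports still need the vendor advisory."""
    v = parse_kernel_version(release)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def algif_aead_build_state(modules_builtin_text, module_file_present):
    """How algif_aead is built into this kernel:
      'builtin' - listed in modules.builtin (RHEL family); a modprobe.d
                  'install' line cannot block it, only a kernel fix helps
      'module'  - shipped as algif_aead.ko; the modprobe.d workaround works
      'absent'  - not built at all (CONFIG_CRYPTO_USER_API_AEAD unset)"""
    for line in modules_builtin_text.splitlines():
        if os.path.basename(line.strip()).startswith("algif_aead.ko"):
            return "builtin"
    return "module" if module_file_present else "absent"


def algif_aead_loaded(proc_modules_text):
    """True if /proc/modules lists algif_aead as a loaded module."""
    return any(line.startswith("algif_aead ") for line in proc_modules_text.splitlines())


def recommend(release, build_state, loaded):
    """Turn the three facts into the advisory's corresponding action."""
    if not kernel_in_affected_range(release):
        return "kernel not in the listed affected range; confirm with vendor advisory"
    if build_state == "absent":
        return "algif_aead not built; AF_ALG AEAD interface is not exposed"
    if build_state == "builtin":
        return ("algif_aead is built in: modprobe.d workaround is ineffective, "
                "deploy a patched kernel or live patch")
    action = "write 'install algif_aead /bin/false' to /etc/modprobe.d/disable-algif.conf"
    if loaded:
        action += "; module is loaded, so rmmod it (check lsof for AF_ALG users) or reboot"
    return action


def host_report():
    """Gather the facts from the running system (Linux only) and report."""
    release = platform.release()
    moddir = os.path.join("/lib/modules", release)
    try:
        with open(os.path.join(moddir, "modules.builtin")) as f:
            builtin_text = f.read()
    except OSError:
        builtin_text = ""
    # Module file may be compressed (.ko.zst / .ko.xz), hence startswith.
    crypto_dir = os.path.join(moddir, "kernel", "crypto")
    ko_present = os.path.isdir(crypto_dir) and any(
        n.startswith("algif_aead.ko") for n in os.listdir(crypto_dir))
    try:
        with open("/proc/modules") as f:
            loaded = algif_aead_loaded(f.read())
    except OSError:
        loaded = False
    state = algif_aead_build_state(builtin_text, ko_present)
    return (f"kernel {release}: in_range={kernel_in_affected_range(release)} "
            f"algif_aead={state} loaded={loaded}\n-> {recommend(release, state, loaded)}")


if __name__ == "__main__":
    print(host_report())
```

Run it as any user on each host; it needs no privileges because modules.builtin, the module directory and /proc/modules are world-readable. A "builtin" result is the case the caveat above describes: the echo into modprobe.d will succeed silently and change nothing, so treat that host as unmitigated until a patched or live-patched kernel is running.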
Detection
The exploit relies entirely on standard syscalls – socket, setsockopt, splice, sendmsg, recvmsg. There is no unusual binary execution or network traffic to detect at the OS level. Host-based detection should look for:
Unprivileged processes opening AF_ALG sockets – particularly with the authencesn algorithm string in setsockopt
splice() calls that read from a setuid binary into an AF_ALG socket
Unexpected privilege escalation events in audit logs following the above syscall patterns
Sysdig Secure has a published detection rule “AF_ALG Page Cache Poisoning Leading to Privilege Escalation.” Microsoft Defender Vulnerability Management surfaces affected devices under the CVE-2026-31431 identifier.
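As an added example that is neither the advisory's code nor the Sysdig rule, here is a small Python correlator that implements the first two indicators above over auditd records. It assumes auditd is recording bind and splice for non-system users (suggested rules are in the comments), decodes the SOCKADDR record's saddr blob with the kernel's sockaddr_alg layout to recover the algorithm name that setsockopt/bind carried, and flags an unprivileged authencesn bind followed by a splice() from the same pid. The sample log lines are constructed, not real captures, and use x86_64 syscall numbers (bind 49, splice 275).

```python
#!/usr/bin/env python3
"""Detection aid for the Copy Fail pattern: audit events where an unprivileged
process binds an AF_ALG socket to an authencesn algorithm and then calls splice().

Added example; not the advisory's code and not Sysdig's rule. Suggested auditd
rules to produce the input (adjust auid bounds to your user policy):
  -a always,exit -F arch=b64 -S socket -F a0=38 -F auid>=1000 -F auid!=unset -k af_alg_socket
  -a always,exit -F arch=b64 -S bind   -F auid>=1000 -F auid!=unset -k af_alg_bind
  -a always,exit -F arch=b64 -S splice -F auid>=1000 -F auid!=unset -k af_alg_splice
bind cannot be filtered by address family in the rule (a1 is a pointer), so
the family is recovered here from the SOCKADDR record instead."""
import re
from collections import defaultdict

AF_ALG = 38
SYS_BIND, SYS_SPLICE = 49, 275   # x86_64 syscall numbers

# struct sockaddr_alg: u16 family, u8 type[14], u32 feat, u32 mask, u8 name[64]
def decode_sockaddr_alg(saddr_hex):
    """Return (salg_type, salg_name) if the hex blob is an AF_ALG address, else None."""
    raw = bytes.fromhex(saddr_hex)
    if len(raw) < 2 or int.from_bytes(raw[:2], "little") != AF_ALG:
        return None
    raw = raw.ljust(88, b"\0")            # auditd logs only addrlen bytes
    salg_type = raw[2:16].split(b"\0", 1)[0].decode("ascii", "replace")
    salg_name = raw[24:88].split(b"\0", 1)[0].decode("ascii", "replace")
    return salg_type, salg_name


def encode_sockaddr_alg(salg_type, salg_name):
    """Build an 88-byte sockaddr_alg blob; used here only to construct the
    sample SOCKADDR records below (real lines come straight from auditd)."""
    return (AF_ALG.to_bytes(2, "little") + salg_type.encode().ljust(14, b"\0")
            + bytes(8) + salg_name.encode().ljust(64, b"\0"))


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_audit_line(line):
    """Split one auditd line into a dict: type, serial, and key=value fields."""
    m = re.match(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)", line)
    if not m:
        return None
    rec = {"type": m.group(1), "serial": m.group(3)}
    for k, v in _KV.findall(m.group(4)):
        rec[k] = v.strip('"')
    return rec


def find_copy_fail_candidates(lines):
    """Merge SYSCALL and SOCKADDR records sharing an audit serial, flag
    unprivileged authencesn AF_ALG binds, then splice() calls by that pid."""
    events = defaultdict(dict)            # serial -> merged fields
    for line in lines:
        rec = parse_audit_line(line)
        if rec:
            events[rec["serial"]].update(rec)
    suspicious_pids, findings = {}, []
    for serial in sorted(events, key=int):
        ev = events[serial]
        syscall = int(ev.get("syscall", -1))
        if syscall == SYS_BIND and "saddr" in ev:
            alg = decode_sockaddr_alg(ev["saddr"])
            if alg and "authencesn" in alg[1] and ev.get("uid") != "0":
                suspicious_pids[ev["pid"]] = alg[1]
                findings.append(f"serial {serial}: uid={ev['uid']} pid={ev['pid']} "
                                f"comm={ev.get('comm')} bound AF_ALG to {alg[1]}")
        elif syscall == SYS_SPLICE and ev.get("pid") in suspicious_pids:
            findings.append(f"serial {serial}: pid={ev['pid']} splice() after "
                            f"authencesn bind ({suspicious_pids[ev['pid']]}) -> investigate")
    return findings


AUTHENCESN_SADDR = encode_sockaddr_alg("aead", "authencesn(hmac(sha256),cbc(aes))").hex()
GCM_SADDR = encode_sockaddr_alg("aead", "gcm(aes)").hex()

# Constructed sample lines (not real captures). Serial 101: root process binding
# authencesn (ignored by the uid filter). 201: uid 1000 binding authencesn.
# 202: uid 1000 binding gcm(aes), benign. 203: pid from 201 calling splice().
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1777900000.101:101): arch=c000003e syscall=49 success=yes exit=0 a0=3 pid=801 uid=0 euid=0 comm="crypto-bench" exe="/usr/local/bin/crypto-bench" key="af_alg_bind"',
    f"type=SOCKADDR msg=audit(1777900000.101:101): saddr={AUTHENCESN_SADDR}",
    'type=SYSCALL msg=audit(1777900000.250:201): arch=c000003e syscall=49 success=yes exit=0 a0=3 pid=4242 uid=1000 euid=1000 comm="python3" exe="/usr/bin/python3.10" key="af_alg_bind"',
    f"type=SOCKADDR msg=audit(1777900000.250:201): saddr={AUTHENCESN_SADDR}",
    'type=SYSCALL msg=audit(1777900000.251:202): arch=c000003e syscall=49 success=yes exit=0 a0=4 pid=5000 uid=1000 euid=1000 comm="openssl" exe="/usr/bin/openssl" key="af_alg_bind"',
    f"type=SOCKADDR msg=audit(1777900000.251:202): saddr={GCM_SADDR}",
    'type=SYSCALL msg=audit(1777900000.252:203): arch=c000003e syscall=275 success=yes exit=4096 a0=5 pid=4242 uid=1000 euid=1000 comm="python3" exe="/usr/bin/python3.10" key="af_alg_splice"',
]

if __name__ == "__main__":
    import sys
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_LINES
    print("\n".join(find_copy_fail_candidates(lines)) or "no candidates")
```

Feed it raw audit output, for example `ausearch --raw -ts today | python3 copyfail_audit.py`; run without stdin it processes the constructed samples and reports the uid 1000 bind and the following splice. It correlates by pid only and does not resolve the splice source fd to a path, so the third indicator above (whether the spliced file was a setuid binary) still needs the accompanying PATH records or a reviewer; treat hits as leads, not verdicts.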
Disclosure timeline
July 2017
Regression introduced in Linux kernel 4.14 via commit 72548b093ee3 – AEAD in-place optimisation
Early April 2026
Upstream fix included in kernel patch series (commit fafe0fa2995a), reverting the 2017 in-place change
29 April 2026
Public disclosure by Theori/Xint Code with full writeup and 732-byte PoC. Found via one-hour automated scan of the kernel crypto/ subsystem with a single operator prompt
30 April 2026
CERT-EU advisory published. Vendor patches and mitigations begin rolling out. CISA adds to KEV catalog
2 May 2026
Debian releases patched downstream kernel. CloudLinux live patches (KernelCare) available for affected versions
Ongoing
RHEL, older Ubuntu LTS, Amazon Linux, and SUSE patches in progress – check vendor advisories
The bigger picture
What makes Copy Fail notable beyond its severity is how it was found. Theori’s Xint Code automated security scanner identified the flaw with approximately one hour of runtime and a single operator prompt pointing it at the kernel’s crypto/ directory. The bug had been missed by human review for nearly nine years.
This has implications for shared-kernel deployment models. Namespace-based container isolation was never a security boundary against a compromised host kernel. If your threat model includes potentially malicious workloads on shared kernel hosts – public CI/CD pipelines, multi-tenant compute, Kubernetes with untrusted pods – Copy Fail is a reminder that a VM or hardware boundary is the appropriate isolation primitive, not cgroups and namespaces.
Summary action list
1. Identify all Linux hosts running kernel 4.14 – 6.18.21 (or 6.19 – 6.19.11) across your environment
2. Apply the modprobe.d workaround immediately on distros where it works (Debian, Ubuntu)
3. For RHEL-family distros, deploy a live patch or patched kernel as soon as available from your vendor
4. Treat any container RCE on a vulnerable host as potential host compromise
5. Check NVD (CVE-2026-31431) and your distro’s security tracker for the latest patch status