On April 29, 2026, a security research firm called Theori published a disclosure, a dedicated website at copy.fail, a GitHub repository, and a 732-byte Python script. That script gives any unprivileged local user on a Linux machine from 2017 or later full root access. No race condition. No per-distro adjustments. Straight-line, deterministic logic that works unmodified on Ubuntu, SUSE, Amazon Linux, Red Hat, Debian, Arch, and every other major distribution shipping a kernel built since August 2017.
They found it in about an hour.
What CopyFail Actually Does
The vulnerability — CVE-2026-31431 — is not a buffer overflow or a use-after-free. It is a logic flaw that creates a precise, controlled four-byte write into the page cache of any readable file on the system, including setuid-root binaries.
The page cache is where the kernel stores file contents in memory. When you execute /usr/bin/su, the kernel loads that binary's pages into memory and runs from there. If you can modify those in-memory pages without touching the file on disk, you have changed what the kernel executes without triggering any file-integrity check. The file on disk is pristine. Your IDS, your checksum monitoring, your SELinux file labels — all of them are watching the wrong thing.
That is exactly what this exploit does. It patches su in memory, calls execve, and the kernel runs your injected shellcode as UID 0 because su is setuid-root. Root access, no noise left on disk.
The Three-Piece Bug That Composed Over Six Years
This is the part that makes CopyFail interesting as a vulnerability class, not just as an exploit. The flaw was not introduced all at once. It is the combination of three independent changes spread across six years.
2011: A cryptographic template called authencesn was added to the kernel to support IPsec ESP with 64-bit Extended Sequence Numbers. From the beginning, it used its output scatterlist as scratch space — writing ESN bytes into a chained page of the destination buffer. Normal behaviour for kernel crypto, nothing alarming in isolation.
2015: The AF_ALG interface — a socket layer that exposes kernel crypto algorithms to userspace — gained AEAD support with a splice() path. This let you deliver file page-cache pages directly into crypto scatterlists, which is also normal and useful in isolation.
2017: A performance optimisation was added to algif_aead.c. To avoid allocating a separate output buffer, it set the AEAD request source and destination to the same memory — req->src = req->dst — and chained the tag pages from the TX scatter-gather list into the RX side using sg_chain(). This meant page-cache pages delivered via splice() ended up in the writable destination scatterlist. When authencesn then wrote its four ESN scratch bytes into dst[assoclen + cryptlen], it was writing into those chained page-cache pages.
The 2017 commit created the dangerous combination. Unprivileged userspace, a socket you can open without any special capabilities, and four bytes you can write exactly where you choose in the in-memory contents of any readable file on the machine.
The core insight that led to its discovery: "splice() can deliver page-cache references of read-only files to crypto TX scatter lists." One sentence. Nine years of exposure.
An AI Found It in One Hour
The researcher is Taeyang Lee at Theori. The tool is Xint Code, Theori's AI-assisted security auditing system. Lee had a hypothesis about the Linux crypto subsystem and page-cache-backed data interactions, turned that hypothesis into a single prompt, and handed it to the tool.
Scan time: approximately one hour. The same run surfaced at least one other high-severity privilege escalation bug alongside CopyFail.
This is worth sitting with for a moment. The gray market price for a universal, reliable, distro-agnostic Linux local privilege escalation is somewhere between $10,000 and $7,000,000 — the upper end is what Crowdfence and similar acquirers pay for exactly this class of primitive. Theori found it in an hour with an AI agent and published the proof of concept for free.
This does not mean kernel security was careless or that human reviewers failed. It means the search space for logic flaws across interconnected subsystems is large enough that tools operating at AI scale now have a structural advantage in finding the combinations that humans miss during individual code review.
Who Is Affected
Every Linux distribution shipping a kernel built since August 2017 is affected. Theori verified root access on:
- Ubuntu 24.04 LTS (and all prior LTS releases)
- Amazon Linux 2023
- Red Hat Enterprise Linux 10.1
- SUSE Linux Enterprise 16
- Debian (all current stable releases)
- Fedora, Rocky Linux, AlmaLinux, Oracle Linux
- Arch Linux
The exploit requires the algif_aead kernel module to be loaded. This is the default configuration on all major distributions, which is why the script works without modification across all of them.
The good news, such as it is: CopyFail is not remotely exploitable. You need a shell on the machine already — as any unprivileged user — to run the exploit. SSH access with a low-privilege account, a compromised web application, a CI/CD runner, or a container sharing a host kernel are all sufficient entry points. CrowdStrike has already confirmed in-the-wild attacks: a Jenkins server was compromised via an unpatched plugin, the attacker landed as the jenkins user, and immediately escalated to root using this script.
CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog on May 1, 2026 — two days after disclosure. That is as fast as the KEV process moves.
What You Need to Do
Patch. The upstream fix reverts the 2017 in-place optimization in algif_aead.c, restoring out-of-place operation so page-cache pages can never end up in a writable destination scatterlist. Patched versions are available: 7.0, 6.19.12, 6.18.22, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254.
If you run Ubuntu, Debian, RHEL, SUSE, or Amazon Linux, your distribution has likely already shipped or is imminently shipping a patched kernel. Update and reboot.
If you cannot patch immediately, blocklist the algif_aead module:
echo "install algif_aead /bin/false" >> /etc/modprobe.d/disable-algif-aead.confThis closes the exploit path without a reboot if the module is not already loaded. It may affect applications that explicitly use kernel AEAD via AF_ALG — most systems will not notice.
Audit your attack surface. CopyFail requires local access, but local access is easier than it sounds. If you are running web applications, CI/CD runners, or any service that processes external input, you have potential footholds. The upgrade path for an attacker is now trivially scripted. Assume any low-privilege compromise on a vulnerable kernel is a root compromise.
The Bigger Picture
The Linux kernel is audited by some of the most skilled engineers alive. The authencesn change was a legitimate optimisation. The AF_ALG splice path is legitimate infrastructure. The 2017 in-place change was a reasonable performance improvement. None of them looked dangerous in isolation.
The bug only appears when you hold all three in your head simultaneously and trace the data flow across subsystem boundaries. That is exactly the kind of analysis AI-assisted tools are well-suited for — exhaustive cross-subsystem scans that are too expensive to run manually at the necessary breadth.
What Theori demonstrated is less about this specific vulnerability and more about what the new floor looks like. If a logic flaw hiding across six years of commits and three subsystems can be found in an hour with the right prompt, the question for every team running infrastructure is what else is sitting quietly in the codebases they depend on.
The answer is to patch CopyFail now, and to start taking AI-assisted security scanning seriously before someone else's AI finds the next one first.