Copy Fail

CVSS 7.8CVE-2026-31431
Deterministic logic bug in the authencesn cryptographic template allowing unprivileged page-cache writes into setuid binaries and container escape.

Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

Details

Author
Xint
Introduced
4.14 72548b093ee3<>
Fixed
6.19a664bf3d603d
Stable
6.18.22, 6.12.19, 6.6.52, 6.1.118

Am I affected?

yes

dont run this

Timeline

  1. Reported to Linux kernel security team
  2. Initial acknowledgment
  3. Patches proposed and reviewed[2]
  4. Patch committed to mainline[1]
  5. CVE-2026-31431 assigned[3][4]
  6. Public disclosure[7]

Mitigation

Disable algif_aead if it's a loadable module

ok

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif-aead.conf
rmmod algif_aead 2>/dev/null || true

If algif_aead is built into the kernel

With CONFIG_CRYPTO_USER_API_AEAD=y, blacklist the initcall via your bootloader and reboot.[7]

initcall_blacklist=algif_aead_init

Sources

  1. https://github.com/theori-io/copy-fail-CVE-2026-31431
  2. https://github.com/torvalds/linux/commit/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
  3. https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
  4. https://access.redhat.com/security/vulnerabilities/RHSB-2026-02
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  6. https://nvd.nist.gov/vuln/detail/CVE-2026-31431
  7. https://copy.fail/

History