Copy Fail: 10-Line Python Exploit Grants Root on Linux Systems Since 2017
A logical flaw in the kernel's cryptographic subsystem allows unprivileged users to escalate to root without race conditions, affecting major distributions including Ubuntu, RHEL, and SUSE.
RUSSIA —
Key facts
- CVE-2026-31431, dubbed Copy Fail, is a local privilege escalation vulnerability in the Linux kernel's cryptographic subsystem.
- The exploit is a 732-byte Python proof-of-concept that works on Linux distributions released since 2017.
- The flaw affects the authencesn chain via AF_ALG and splice, enabling controlled writes to the page cache.
- Confirmed vulnerable distributions include Ubuntu, Amazon Linux, RHEL, and SUSE (with the algif_aead module).
- The vulnerability was discovered by researchers at Theori using AI-assisted code analysis after about one hour of experiments.
- Patches have been released in kernel versions 6.18.22, 6.19.12, and 7.0, with distribution-specific updates rolling out.
- A workaround involves disabling the algif_aead kernel module via modprobe configuration.
- The vulnerability is rated 7.8 on the CVSS scale.
A Single Click to Root: How Copy Fail Works
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named Copy Fail, allows an unprivileged local user to gain root access with a single click. The exploit, contained in a 10-line Python script of just 732 bytes, requires no race condition, no offset guessing, and no complex preparation. Researchers at Theori, who discovered the flaw, demonstrated that the same proof-of-concept code works on major Linux distributions released since 2017, including Ubuntu, Amazon Linux, Red Hat Enterprise Linux, and SUSE. The vulnerability stems from a logical error in the kernel's cryptographic subsystem. Specifically, the chain involving authencesn, AF_ALG, and the splice system call allows an attacker to perform a controlled write into the page cache. By modifying the cached copy of a setuid binary, the attacker can alter its execution behavior and escalate privileges to root. Because the kernel uses the page cache when launching binaries, the modification goes unnoticed by standard file event monitoring tools like inotify.
Discovery via AI-Assisted Code Analysis
Theori researchers identified the vulnerability using artificial intelligence after approximately one hour of experiments analyzing the kernel's cryptographic code. The flaw has been present since Linux kernel version 4.14, released in 2017, and affects all subsequent kernels until the fix. The researchers published a proof-of-concept exploit and a patch for the kernel (commit a664bf3d603d). The patch has been incorporated into kernel versions 6.18.22, 6.19.12, and 7.0. Distribution maintainers have begun rolling out updates. Debian, Ubuntu, SUSE/openSUSE, Red Hat, Gentoo, Arch, and Fedora have all released or are preparing patches. Administrators are urged to apply updates promptly, especially on multi-user systems, shared hosts, CI/CD runners, Kubernetes clusters, and SaaS platforms that run user code.
High Stakes for Containers and Shared Environments
While Copy Fail is not a remote code execution vulnerability on its own—an attacker needs local access or a way to execute code on the target system—it poses a critical risk in environments where multiple users or containers share a kernel. A container breakout is possible because the page cache is shared between the host and containers. Similarly, a malicious CI runner or a compromised web application that achieves code execution can leverage Copy Fail to gain root on the host. The vulnerability has been compared to Dirty Cow and Dirty Pipe, but without the need for a race condition, making exploitation more reliable. Theori noted that the exploit can be used in attack chains, for example after compromising a system via web RCE, SSH access, or a malicious CI runner.
Workaround and Detection
As a temporary mitigation, administrators can disable the algif_aead kernel module, which is used by OpenSSL when the afalg engine is explicitly enabled and by a few specific applications. The module can be blacklisted by creating a modprobe configuration file and then unloading it if it is currently loaded. To check whether any application is currently using AF_ALG, run 'lsof | grep AF_ALG'. Organizations should also verify whether their systems are running a vulnerable kernel: the flaw affects every kernel from 4.14 up to, but not including, the patched versions. Distribution-specific status pages are available for Debian, Ubuntu, SUSE/openSUSE, RHEL, Gentoo, Arch, and Fedora.
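The triage script below is an added example written for this article; it is not code from the article, from Theori, or from any distribution. It classifies a kernel version string against the fixed releases the article names (6.18.22, 6.19.12 and 7.0), reports whether algif_aead is loaded and which processes hold AF_ALG sockets, and writes the modprobe.d workaround. The function names and the config file name are the script's own; the "install algif_aead /bin/false" line is the standard modprobe.d idiom for refusing an on-demand load, which a bare "blacklist" line does not prevent. It assumes that distribution kernels carrying a backported fix keep their own version strings, so "possibly-vulnerable" means "consult the distribution advisory", not confirmed exposure.

```shell
#!/bin/sh
# Added example for CVE-2026-31431 triage (not from the article or from Theori).
# Fixed upstream releases are the ones the article names; distro backports are
# not reflected in version strings, hence the "possibly-vulnerable" wording.

# version_ge A B: succeed if dotted version A >= B. A leading prefix and a
# trailing suffix such as "-generic" or "-arch1-1" are stripped; missing
# components count as 0 (kernel versions have at most three numeric parts).
version_ge() {
    a="$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//').0.0"
    b="$(printf '%s' "$2" | sed 's/^[^0-9]*//; s/[^0-9.].*$//').0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# copyfail_status VERSION: print "not-affected-pre-4.14", "patched" or
# "possibly-vulnerable" for a kernel version string (e.g. from `uname -r`).
copyfail_status() {
    v=$1
    if ! version_ge "$v" 4.14; then
        echo not-affected-pre-4.14
    elif version_ge "$v" 7.0; then
        echo patched
    elif version_ge "$v" 6.19; then
        if version_ge "$v" 6.19.12; then echo patched; else echo possibly-vulnerable; fi
    elif version_ge "$v" 6.18; then
        if version_ge "$v" 6.18.22; then echo patched; else echo possibly-vulnerable; fi
    else
        # Older stable series are not among the fixed releases the article lists;
        # only the distribution advisory can settle those.
        echo possibly-vulnerable
    fi
}

# algif_aead_loaded: succeed if the module is currently loaded.
algif_aead_loaded() {
    grep -q '^algif_aead ' /proc/modules 2>/dev/null
}

# write_algif_aead_blacklist FILE: write the workaround config. "blacklist"
# alone only stops alias-based autoloading; "install ... /bin/false" also
# refuses the on-demand load triggered when an AF_ALG socket requests the module.
write_algif_aead_blacklist() {
    cat > "$1" <<'EOF'
# CVE-2026-31431 workaround: prevent algif_aead from being loaded.
blacklist algif_aead
install algif_aead /bin/false
EOF
}

# main: report status; with --apply as root, install the workaround and unload
# the module if it is loaded (nothing destructive happens without --apply).
main() {
    k=$(uname -r)
    echo "kernel $k: $(copyfail_status "$k")"
    if algif_aead_loaded; then
        echo "algif_aead is loaded; processes holding AF_ALG sockets:"
        lsof 2>/dev/null | grep AF_ALG || echo "  (none found)"
    else
        echo "algif_aead is not loaded"
    fi
    if [ "$1" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
        write_algif_aead_blacklist /etc/modprobe.d/cve-2026-31431-algif_aead.conf
        algif_aead_loaded && modprobe -r algif_aead
        echo "workaround installed"
    fi
}

# Usage: sh copyfail-triage.sh --status    (report only)
#        sh copyfail-triage.sh --apply     (as root: write config, unload module)
if [ "$1" = "--status" ] || [ "$1" = "--apply" ]; then
    main "$@"
fi
```

Run it with --status on each host first; the lsof output tells you whether unloading algif_aead would break a running application before you commit to --apply. A "patched" verdict applies only to the mainline version strings the article names, so on distribution kernels treat the output as a prompt to check the vendor advisory rather than as a final answer.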
A Second Linux Flaw: Pack2TheRoot in PackageKit
Separately, researchers from the Deutsche Telekom Red Team disclosed a high-severity vulnerability in the PackageKit daemon, a background service for package management on Linux. Tracked as CVE-2026-41651 and named Pack2TheRoot, the flaw carries a CVSS score of 8.8. It is a TOCTOU (time-of-check/time-of-use) issue that combines three errors: user flags are written without transaction authorization checks, even during transaction execution. This allows an unprivileged user to install arbitrary RPM packages (including scriptlets) with root privileges and without authentication. The vulnerability affects PackageKit versions from 1.0.2 (November 2014) up to 1.3.4, and may have existed since version 0.8.1, released about 14 years ago. Tests confirmed exploitation on Ubuntu Desktop 18.04 (EOL), 24.04.4 LTS, 26.04 LTS beta, Ubuntu Server 22.04–24.04 LTS, Debian Desktop Trixie 13.4, Rocky Linux Desktop 10.1, Fedora 43 Desktop, and Fedora 43 Server. The list is not exhaustive; any distribution with PackageKit preinstalled and enabled by default is likely vulnerable. PackageKit is an optional dependency of the Cockpit project, meaning many servers running Cockpit, including Red Hat Enterprise Linux, may also be affected. Exploitation takes seconds but leaves traces: the PackageKit daemon crashes due to an assertion failure, though systemd restarts it on the next D-Bus call, so no denial of service occurs. The crash is logged and can serve as an indicator of compromise. Technical details and a PoC have not been published, to allow time for patching. PackageKit version 1.3.5 fixes the issue, and updates are already available for Debian, Ubuntu, and Fedora.
Outlook: Patching Urgency and Long-Term Implications
The disclosure of two critical Linux vulnerabilities in quick succession underscores the growing complexity of securing the kernel and essential system services. Copy Fail's simplicity—a 10-line Python script—and its broad impact across distributions since 2017 make it a significant threat, particularly in shared and containerized environments. The use of AI in its discovery also highlights evolving methods in vulnerability research. For Pack2TheRoot, the lengthy exposure window (over a decade) and the widespread use of PackageKit in desktop and server distributions amplify the urgency. Administrators should prioritize updating both the kernel and PackageKit, and consider disabling unnecessary services like algif_aead and PackageKit where feasible. The security community will be watching for exploit code once the embargo lifts, and for whether similar logical flaws exist in other kernel subsystems.
The bottom line
- Copy Fail (CVE-2026-31431) is a Linux kernel LPE that works on distributions since 2017 with a 10-line Python script.
- The vulnerability exploits a logical error in the authencesn/AF_ALG/splice chain to write to the page cache and modify setuid binaries.
- Patches are available in kernel 6.18.22+, 6.19.12+, and 7.0; distribution updates are rolling out.
- Pack2TheRoot (CVE-2026-41651) in PackageKit allows unprivileged users to install RPM packages as root without authentication.
- Both flaws require local access but are critical in shared hosting, containers, CI/CD, and multi-user systems.
- Administrators should apply patches immediately and consider workarounds like disabling algif_aead and updating PackageKit to 1.3.5.