The same script works on every tested distribution and architecture
For nearly a decade, three seemingly innocuous changes to the Linux kernel lay dormant together, forming a path that any user with minimal access could walk straight to root. Discovered not by human intuition but by a machine learning tool, CVE-2026-31431 — Copy Fail — reminds us that complexity accumulates silently, and that the most dangerous vulnerabilities are often not the ones that look dangerous at all. A fix has arrived, but the nine-year window it leaves behind asks a harder question: how many other quiet combinations are still waiting to be found?
- A 732-byte Python script — small enough to fit in a tweet — grants any unprivileged user full root access on virtually every major Linux distribution released since 2017.
- The flaw requires no race conditions, no compiled payloads, and no version-specific knowledge, making it trivially portable across Ubuntu, Red Hat, Amazon Linux, SUSE, and more.
- Beyond local machines, the same exploit can break out of Kubernetes containers and compromise host nodes, threatening multi-tenant cloud environments at their foundations.
- A mainline kernel patch was committed April 1st, reverting the 2017 optimization that completed the dangerous combination — but patching across global infrastructure takes time.
- Organizations unable to patch immediately can blacklist the algif_aead kernel module with negligible performance cost, buying time while the broader fix propagates.
For nearly nine years, a flaw sat undetected inside the Linux kernel — not because it was hidden, but because no one thought to look at three separate changes together. It took a machine learning tool, Xint Code, developed by researchers at Theori, to finally surface what human eyes had missed. When the team understood what they had found, the implications were stark: any user with basic access to a Linux machine could run a tiny Python script and become root.
The vulnerability, CVE-2026-31431 — nicknamed Copy Fail — traces back to three independent kernel changes made between 2011 and 2017. Each was reasonable in isolation. A 2017 performance optimization to the cryptographic subsystem began reusing the same memory region for both input and output during decryption. Separately, a component called authencesn, used by IPsec, had a small quirk: it wrote four bytes past its intended boundary as scratch space. Neither change was wrong alone. Together, they opened a controlled path into the kernel's in-memory copy of setuid binaries — programs that run with elevated privileges. An attacker could choose which file to corrupt, where, and what to write. Four bytes was enough.
The exploit script fed cached memory pages into the cryptographic subsystem via the kernel's splice() function, triggering the out-of-bounds write into a setuid binary the attacker selected. Theori's team also discovered a second attack vector: because Linux's page cache is shared across all processes — including across container boundaries — the same primitive could be used to escape a Kubernetes pod and compromise the underlying host node, potentially crossing tenant boundaries in shared cloud environments.
A fix was committed to the mainline kernel on April 1st, reverting the 2017 optimization entirely. For organizations that cannot patch immediately, blacklisting the algif_aead kernel module carries minimal performance impact, since few production systems actively rely on the affected code path. The workaround is simple. The exposure window was not.
For nearly nine years, a flaw sat quietly in the Linux kernel, invisible to the thousands of security researchers who have combed through its code. It took a machine learning tool to find it. And when researchers at Theori finally understood what they were looking at, they realized that any person with basic access to a Linux machine—a contractor, a disgruntled employee, a compromised account—could run a 732-byte Python script and become root.
The vulnerability, catalogued as CVE-2026-31431 and nicknamed Copy Fail, affects virtually every major Linux distribution released since 2017. Ubuntu, Red Hat Enterprise Linux, Amazon Linux, SUSE—all of them carry the flaw. The severity rating sits at 7.8 out of 10, which in the language of cybersecurity means this is serious. What makes it genuinely alarming is its simplicity. Unlike earlier privilege escalation bugs that required precise timing, knowledge of specific kernel versions, or compiled exploit code, Copy Fail needs none of that. The same script works, unchanged, on every distribution and architecture the researchers tested.
The root cause is almost mundane in its ordinariness. Three separate changes to the kernel, made between 2011 and 2017, each seemed reasonable on its own. A 2017 performance optimization to the cryptographic subsystem switched how the kernel handled authenticated encryption with associated data—a standard operation in network security. The change made the system more efficient by using the same memory region for both input and output during decryption. Separately, another part of the kernel's cryptographic machinery, the authencesn template used by IPsec to secure network traffic, had a small quirk: it wrote four bytes past where it was supposed to, using that extra space as scratch memory during decryption. Neither change was wrong in isolation. Together, they created a path to controlled corruption.
When a user ran the exploit script, it fed cached memory pages into the cryptographic subsystem via a kernel function called splice(). Those pages sat in a buffer that the kernel could write into. The authencesn template then wrote those four bytes into a location it shouldn't have touched—but now, because of the 2017 optimization, that location was inside the kernel's in-memory copy of a setuid binary. A setuid binary is a program that runs with elevated privileges, and if an attacker could modify even four bytes of it, they could change its behavior. The attacker got to choose which file to corrupt, where in that file, and what value to write. That level of control was enough.
Theori's research team, led by Taeyang Lee and using an artificial intelligence scanning tool called Xint Code, discovered the flaw and traced its lineage back through years of kernel development. They also uncovered a second attack vector: the same primitive could be weaponized to escape from a Kubernetes container and compromise the host node. Because the page cache is shared across all processes on a Linux system, including across container boundaries, a compromised pod could corrupt a setuid binary on the host and potentially cross tenant boundaries in a multi-tenant environment.
A fix landed in the mainline kernel on April 1st, reverting the 2017 optimization entirely. For organizations unable to patch immediately, there is a simpler workaround: blacklist the algif_aead kernel module. Theori noted that this step would have no meaningful performance impact on most systems. The vulnerability had been dormant for so long that few systems actually rely on the affected code path. Still, the timeline is stark. Nine years of exposure. A script small enough to fit in a tweet. Root access on machines running some of the most widely deployed operating systems in the world. The only thing that stopped it earlier was that no one thought to look.
Notable Quotes
The same exact script works on every tested distribution and architecture— Theori's Xint Code research team
Blacklisting the algif_aead kernel module will have no measurable impact on the vast majority of systems— Theori
The Hearth Conversation Another angle on the story
Why did this take nine years to find? Isn't the Linux kernel constantly audited?
It is, but audits look for obvious mistakes. This wasn't a mistake in any single piece of code—it was a collision between three separate, reasonable changes that nobody connected until a machine learning tool was trained to spot these kinds of intersections.
So the Python script is the actual exploit? It's not just a proof of concept?
It's the actual exploit. 732 bytes. No compilation, no architecture-specific offsets, no race conditions to win. You run it and you're root. That's what makes it dangerous—it's not fragile or finicky.
If it affects Kubernetes, does that mean cloud containers are vulnerable?
Yes. A compromised pod can corrupt binaries on the host node. In a shared hosting environment, that's a tenant isolation problem. You could potentially break out of your container and affect other customers' workloads.
What does blacklisting the module actually do?
It prevents the kernel from loading the algif_aead code path at all. For most systems, that code isn't being used anyway—it's for a specific cryptographic interface that most applications don't touch. So you lose nothing and gain protection.
Why does the fix revert a 2017 optimization? Doesn't that hurt performance?
It does, but only for systems actually using that cryptographic interface. For everyone else, it's invisible. The kernel team decided correctness mattered more than a micro-optimization that almost nobody was relying on.
How does an AI tool find something humans missed?
It can process patterns across millions of lines of code and spot when independent changes create unintended interactions. A human auditor might review each change in isolation and sign off. A machine can see the collision.