Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2026-31431
PUBLISHEDcrypto: algif_aead - Revert to operating out-of-place
1 day faster than CISA KEV
- Vendor
- Linux
- Product
- Linux
- Published
- Apr 22, 2026
- EPSS
- 2.2% · 85% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Weaknesses (CWE)
-
Incorrect Resource Transfer Between Spheres
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2026-06-01 13:26:07 UTC · CVE
Proof of concept available
Recorded 2026-05-06 09:49:14 UTC · GitHub
References
- https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
- https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
- https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
- https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
- https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
- https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
- https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
- https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2026-06-01 13:26 UTC |
| CISA | 2026-06-02 14:01 UTC |
Recent mentions
Juniper Security Advisories · Jun 01, 2026
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2026-06-05 10:27:36 UTC · 0 stars
github · Created 2026-06-05 01:05:38 UTC · 0 stars
Exploit for Copy-Fail Vulnerability - Python3 Version
github · Created 2026-06-01 18:53:44 UTC · 0 stars
github · Created 2026-05-29 00:29:50 UTC · 0 stars
github · Created 2026-05-28 13:52:15 UTC · 0 stars
aarch64 and x64 python POC
github · Created 2026-05-21 19:43:50 UTC · 0 stars
CVE-2026-31431-CopyFail---Minified-LPE-PoC
github · Created 2026-05-21 07:36:55 UTC · 0 stars
github · Created 2026-05-18 22:14:21 UTC · 0 stars
github · Created 2026-05-18 07:44:05 UTC · 0 stars
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
github · Created 2026-05-18 05:23:15 UTC · 6 stars
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
github · Created 2026-05-16 20:53:45 UTC · 0 stars
github · Created 2026-05-16 16:02:14 UTC · 2 stars
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
github · Created 2026-05-13 11:36:00 UTC · 0 stars
Reproduced the fileless LPE CVE‑2026‑31431 (“Copy Fail”) on Kali Linux, then built auditd, Sigma & YARA detections to catch this stealthy kernel exploit that leaves no disk footprint.
github · Created 2026-05-12 07:30:56 UTC · 1 stars
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
github · Created 2026-05-11 13:35:49 UTC · 0 stars
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
github · Created 2026-05-11 01:14:12 UTC · 0 stars
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
github · Created 2026-05-09 09:35:17 UTC · 0 stars
github · Created 2026-05-06 09:49:14 UTC · 2 stars
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
github · Created 2026-05-04 05:58:50 UTC · 10 stars
Safe detection tooling for CVE-2026-31431 "Copy Fail" and CVE-2026-43284 "Dirty Frag" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.
github · Created 2026-05-03 03:08:04 UTC · 0 stars
CVE-2026-31431 merupakan celah keamanan yang terjadi akibat kegagalan dalam proses penyalinan data (copy operation failure). Kerentanan ini muncul ketika sistem tidak melakukan validasi atau penanganan error dengan benar saat melakukan proses copy data dari satu buffer ke buffer lain
github · Created 2026-05-01 13:20:31 UTC · 0 stars
CVE-2026-31431 - Copy Fail - PoC exploit
github · Created 2026-04-30 23:40:58 UTC · 2 stars
「🧨」PoC (Proof of Concept) of Copy Fail Local Privilege Escalation in Linux Kernel
github · Created 2026-04-30 12:59:11 UTC · 9 stars
Copy Fail - CVE-2026-31431
github · Created 2026-04-30 06:47:01 UTC · 0 stars
github · Created 2026-04-30 03:22:01 UTC · 2 stars
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
github · Created 2026-03-08 17:40:11 UTC · 0 stars
A demo and explanation of CVE-2026-31431
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Added to KEVIntel
-
KEV confirmed by CISA