CVE-2026-31431

high

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

From the Tenable Blog

Copy Fail (CVE-2026-31431): Linux Kernel Privilege Escalation FAQ | Tenable®
Copy Fail (CVE-2026-31431): Linux Kernel Privilege Escalation FAQ | Tenable®

Published: 2026-04-30

CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation flaw with a public PoC affecting all major distributions since 2017. Patches available.

References

https://securityaffairs.com/194338/uncategorized/dirtyclone-fourth-linux-kernel-flaw-in-six-weeks-escalates-to-root.html

https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-06

https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html

https://www.infosecurity-magazine.com/news/fragnesia-linux-kernel-lpe-root/

https://aws.amazon.com/security/security-bulletins/rss/2026-030-aws/

https://aws.amazon.com/security/security-bulletins/rss/2026-029-aws/

https://www.infosecurity-magazine.com/news/dirty-frag-linux-kernel/

https://www.databreachtoday.com/dirty-frag-gives-root-on-linux-distros-a-31641

https://kb.cert.org/vuls/id/260001

https://isc.sans.edu/diary/rss/32968

https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/

https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/

https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/

https://docs.cloud.google.com/support/bulletins/index#gcp-2026-028

https://www.infosecurity-magazine.com/news/zero-day-2017-linux-kernel/

https://docs.cloud.google.com/support/bulletins/index#gcp-2026-026

https://www.theregister.com/software/2026/04/30/linux-cryptographic-code-flaw-offers-fast-route-to-root/5229187

https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/

https://www.darkreading.com/vulnerabilities-threats/ai-assisted-software-scan-linux-bug

https://www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros/

https://webflow.sysdig.com/blog/cve-2026-31431-copy-fail-linux-kernel-flaw-lets-local-users-gain-root-in-seconds

https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html

https://hackread.com/linux-kernel-vulnerability-copy-fail-full-root-access/

https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

https://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/

Details

Source: Mitre, NVD

Published: 2026-04-22

Updated: 2026-07-01

Named Vulnerability: copy.failNamed Vulnerability: CopyFailNamed Vulnerability: Copy FailKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.96267

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest