In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Published: 2026-04-30
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation flaw with a public PoC affecting all major distributions since 2017. Patches available.
https://www.kb.cert.org/vuls/id/260001
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
https://therecord.media/linux-vulnerability-copy-fail-patch
https://www.helpnetsecurity.com/2026/04/30/copyfail-linux-lpe-vulnerability-cve-2026-31431/
https://www.infosecurity-magazine.com/news/fragnesia-linux-kernel-lpe-root/
https://aws.amazon.com/security/security-bulletins/rss/2026-030-aws/
https://aws.amazon.com/security/security-bulletins/rss/2026-029-aws/
https://www.infosecurity-magazine.com/news/dirty-frag-linux-kernel/
https://www.databreachtoday.com/dirty-frag-gives-root-on-linux-distros-a-31641
https://kb.cert.org/vuls/id/260001
https://isc.sans.edu/diary/rss/32968
https://aws.amazon.com/security/security-bulletins/rss/2026-027-aws/
https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/
https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
https://docs.cloud.google.com/support/bulletins/index#gcp-2026-028
https://www.infosecurity-magazine.com/news/zero-day-2017-linux-kernel/
https://docs.cloud.google.com/support/bulletins/index#gcp-2026-026
https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/
https://www.darkreading.com/vulnerabilities-threats/ai-assisted-software-scan-linux-bug
https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html
https://hackread.com/linux-kernel-vulnerability-copy-fail-full-root-access/
https://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431
https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/
https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
http://www.openwall.com/lists/oss-security/2026/05/08/13
http://www.openwall.com/lists/oss-security/2026/05/07/2
http://www.openwall.com/lists/oss-security/2026/05/07/12
http://www.openwall.com/lists/oss-security/2026/05/06/5
http://www.openwall.com/lists/oss-security/2026/05/04/9
http://www.openwall.com/lists/oss-security/2026/05/04/8
http://www.openwall.com/lists/oss-security/2026/05/04/31
http://www.openwall.com/lists/oss-security/2026/05/04/29
http://www.openwall.com/lists/oss-security/2026/05/04/28
http://www.openwall.com/lists/oss-security/2026/05/04/27
http://www.openwall.com/lists/oss-security/2026/05/04/24
http://www.openwall.com/lists/oss-security/2026/05/04/2
http://www.openwall.com/lists/oss-security/2026/05/04/14
http://www.openwall.com/lists/oss-security/2026/05/04/13
http://www.openwall.com/lists/oss-security/2026/05/04/12
http://www.openwall.com/lists/oss-security/2026/05/04/11
http://www.openwall.com/lists/oss-security/2026/05/04/10
http://www.openwall.com/lists/oss-security/2026/05/04/1
http://www.openwall.com/lists/oss-security/2026/05/03/6
http://www.openwall.com/lists/oss-security/2026/05/03/5
http://www.openwall.com/lists/oss-security/2026/05/03/4
http://www.openwall.com/lists/oss-security/2026/05/03/3
http://www.openwall.com/lists/oss-security/2026/05/03/13
http://www.openwall.com/lists/oss-security/2026/05/03/12
http://www.openwall.com/lists/oss-security/2026/05/03/10
http://www.openwall.com/lists/oss-security/2026/05/02/8
http://www.openwall.com/lists/oss-security/2026/05/02/7
http://www.openwall.com/lists/oss-security/2026/05/02/6
http://www.openwall.com/lists/oss-security/2026/05/02/5
Published: 2026-04-22
Updated: 2026-05-12
Named Vulnerability: copy.fail
Named Vulnerability: CopyFail
Named Vulnerability: Copy Fail
Known Exploited Vulnerability (KEV)
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Severity: Medium
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
Base Score: 8.6
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity: High
EPSS: 0.00007
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest