What is happening?
A researcher found a logic flaw in the kernel's cryptographic subsystem that lets an attacker overwrite the page-cache copy of a target binary (/usr/bin/su) with shellcode. The binary on disk (SSD or HDD) is not modified.
The attack proceeds as follows:
- Load the target binary into the kernel page cache.
- Drive the vulnerable crypto code through a socket so that it writes shellcode into that page-cache copy.
- Run the target binary. The kernel serves it from the page cache, so what executes is the shellcode rather than su; because su runs as uid 0, the shellcode runs as uid 0 as well.
- The attacker now has root. Combined with a remote code execution bug, this gives access to any system released after 2017.
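A defender-side check that follows from the description above (an added example, not the researcher's code or anything from the original post): because the poisoned copy of the binary lives only in the page cache while the file on disk is untouched, hashing the file once through the normal read() path and once with O_DIRECT, which bypasses the page cache, exposes the divergence. It assumes Linux and a filesystem that honours O_DIRECT; the sample file it writes is constructed.

```python
import hashlib
import mmap
import os
import tempfile

BLOCK = 1 << 20  # 1 MiB, a multiple of the alignment O_DIRECT requires

def sha256_cached(path):
    # Ordinary read(): served from the page cache, the same copy execve maps.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def sha256_direct(path):
    # O_DIRECT bypasses the page cache and returns the bytes actually on disk.
    # None means direct I/O is unavailable here (non-Linux, tmpfs, some overlay
    # or network filesystems), so the caller must not report a false match.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_DIRECT)
    except (OSError, AttributeError):
        return None
    try:
        h = hashlib.sha256()
        buf = mmap.mmap(-1, BLOCK)  # anonymous mapping: page-aligned buffer
        while (n := os.readv(fd, [buf])) > 0:
            h.update(buf[:n])
        return h.hexdigest()
    except OSError:
        return None
    finally:
        os.close(fd)

def page_cache_status(path):
    # 'match', 'mismatch' (cached copy differs from disk) or 'unknown'.
    direct = sha256_direct(path)
    if direct is None:
        return "unknown"
    return "match" if sha256_cached(path) == direct else "mismatch"

def self_check():
    # Constructed sample: on an untouched file both views must agree.
    sample = b"constructed stand-in for a binary's contents\n" * 200
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(sample)
        path = f.name
    try:
        return sha256_cached(path) == hashlib.sha256(sample).hexdigest(), page_cache_status(path)
    finally:
        os.unlink(path)
```

Running page_cache_status("/usr/bin/su") on a live host reports "mismatch" while a poisoned copy is still cached; a "match" is not proof of integrity, since evicting the poisoned pages removes the evidence, and the check only covers files that direct I/O can read.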
The Fix
Kernel commit a664bf3d603d fixes this issue. Update your system and install the latest patches; the fix is applied automatically.
Links
Read this article to learn more about it.