oss-sec mailing list archives

Re: CVE-2026-31431: CopyFail: linux local privilege escalation


From: Sam James <sam () gentoo org>
Date: Wed, 29 Apr 2026 23:39:44 +0100

Jan Schaumann <jschauma () netmeister org> writes:

Hi,

This is currently making the rounds and looks pretty
severe:

https://copy.fail/

A local privilege escalation vulnerability with a
working PoC python script exploiting a logic flaw in
the kernel crypto API (AF_ALG) affecting most Linux
distributions.

More detailed write-up:
https://xint.io/blog/copy-fail-linux-distributions

[...]

Affected and fixed versions
===========================

Issue introduced in 4.14 with commit
72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in
6.18.22 with commit
fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

Issue introduced in 4.14 with commit
72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in
6.19.12 with commit
ce42ee423e58dffa5ec03524054c9d8bfd4f6237

Issue introduced in 4.14 with commit
72548b093ee38a6d4f2a19e6ef1948ae05c181f7 and fixed in
7.0 with commit
a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

To say it explicitly, all the kernels in-between before 6.18 aren't
fixed.


https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

----

PoC:
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py


Mitigation:

# echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
# rmmod algif_aead 

Brad Spengler has been pointing out that this won't work on a few common
enterprise kernels where CONFIG_CRYPTO_USER_API_AEAD=y (rather than m).



-Jan

sam
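
Added example, not part of the original thread: a POSIX shell check for the caveat above, reporting whether the modprobe.d/rmmod mitigation can apply on a host (module build) or cannot (CONFIG_CRYPTO_USER_API_AEAD=y). The function names, status strings and default file locations (/boot/config-$(uname -r), /etc/modprobe.d, /proc/modules) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the check
# can be pointed at files copied from another host.

# Print how CONFIG_CRYPTO_USER_API_AEAD is set in a kernel config file:
# builtin (=y), module (=m), disabled ("is not set") or unknown.
aead_build_mode() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    line=$($reader "$cfg" | grep -E '^(# )?CONFIG_CRYPTO_USER_API_AEAD[= ]' || true)
    case $line in
        CONFIG_CRYPTO_USER_API_AEAD=y) echo builtin ;;
        CONFIG_CRYPTO_USER_API_AEAD=m) echo module ;;
        "# CONFIG_CRYPTO_USER_API_AEAD is not set") echo disabled ;;
        *) echo unknown ;;
    esac
}

# Report whether the modprobe.d + rmmod mitigation applies and is in place.
# $1 kernel config, $2 modprobe.d directory, $3 /proc/modules-style file
mitigation_status() {
    mode=$(aead_build_mode "$1")
    case $mode in
        builtin)  echo "ineffective: algif_aead is built in (=y)"; return 0 ;;
        disabled) echo "not-built: AEAD user API is not set in this config"; return 0 ;;
        unknown)  echo "unknown: cannot read build mode from $1"; return 0 ;;
    esac
    # Module build: the override only helps once the module is unloaded.
    if grep -qs '^algif_aead ' "$3"; then
        echo "exposed: algif_aead is loaded, rmmod still needed"
    elif grep -qsE '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]' "$2"/*.conf; then
        echo "mitigated: install override present, module not loaded"
    else
        echo "exposed: no install override, module can be loaded on demand"
    fi
}

mitigation_status "${1:-/boot/config-$(uname -r)}" /etc/modprobe.d /proc/modules
```

On kernels that expose /proc/config.gz instead of a /boot config file, pass that path as the first argument.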
