CVE-2026-31431: CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Ker…

1 / 2

CVE-2026-31431: CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG

DEV Community·CVE Reports·about 1 month ago

#Mtc7CAEq

#exploit #security #cve #cybersecurity #kernel #linux

Reading 0:00

15s threshold

CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG Vulnerability ID: CVE-2026-31431 CVSS Score: 7.8 Published: 2026-04-22 CVE-2026-31431, colloquially known as "Copy Fail," is a critical logic flaw in the Linux kernel's Cryptographic API (specifically the algif_aead module). It allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the read-only page cache of any accessible file on the system. By corrupting the in-memory representation of SUID binaries, an attacker achieves local privilege escalation to the root user and can successfully escape containerized environments. TL;DR A logic flaw in the Linux kernel's AF_ALG socket interface allows unprivileged users to overwrite the page cache of SUID binaries via the splice() system call, yielding deterministic Local Privilege Escalation (LPE) and container escapes.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

CVE-2026-31431: CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG