Linux Kernel "Copy Fail" — 732-Byte Local Root Exploit Hits Every Major Distro Since 2017 (CVE-2026-31431)

AI relevance: AI agent code-execution sandboxes that run LLM-generated code inside Linux user namespaces can escape to root on the host via this 732-byte exploit — any agent environment relying on namespace isolation for security is now vulnerable.

What happened

• A zero-day vulnerability in the Linux kernel, dubbed "Copy Fail" and tracked as CVE-2026-31431 (CVSS 7.8), was publicly disclosed on April 30, 2026.
• Discovered by Theori researcher Taeyang Lee; the Xint Code Research Team built a full exploit chain using AI-assisted analysis.
• The bug is a logic error — not a race condition — in the kernel's authencesn cryptographic template, reachable via the AF_ALG socket interface combined with the splice() system call.
• A 732-byte Python script using only standard library modules achieves deterministic root on every tested distribution and architecture.
• Unlike Dirty Cow or Dirty Pipe, this exploit requires no race-winning, no kernel version offsets, no recompilation, and no compiled payloads.
• Affects every major Linux distribution shipped since 2017 — Ubuntu, Debian, RHEL, Fedora, SUSE, Arch, and derivatives.
• The flaw targets the kernel's page cache by triggering a copy operation failure that leaves stale data accessible to unprivileged users.

Why it matters

• AI agent sandboxes running untrusted, LLM-generated code typically rely on Linux user namespaces, containers, or seccomp profiles for isolation — this vulnerability pierces that boundary entirely.
• The exploit is trivially small (732 bytes) and uses only Python standard library, making it easy for any threat actor to adopt without specialized tooling.
• The Xint Code Research Team demonstrated that AI-assisted analysis can rapidly scale a vulnerability disclosure into a working exploit chain — shrinking the patch-to-exploit window.
• CI/CD runners executing untrusted pull requests on Linux are equally vulnerable, extending the blast radius to software supply chains.
• No kernel recompilation or version-specific offsets are needed, meaning the exploit works universally across patched and unpatched kernels alike until the CVE fix lands.

What to do

• Monitor your distribution's kernel update channel and apply patches as soon as they are released.
• Until patches are available, restrict AF_ALG socket access for unprivileged users (e.g., via sysctl or AppArmor/SELinux profiles).
• AI agent platforms running user-code sandboxes should implement additional defense-in-depth: seccomp-bpf filtering, no-new-privs enforcement, and read-only root filesystems.
• Review CI/CD runner configurations: isolate untrusted builds on dedicated, ephemeral VMs rather than shared containers until kernel patches are deployed.

Sources

• byteiota — Copy Fail CVE-2026-31431: 732 Bytes to Root
• The Hacker News — Linux "Copy Fail" Vulnerability
• Cybersecurity News — Linux Kernel 0-Day "Copy Fail"