CVE-2026-31431: “Copy Fail” Linux kernel flaw lets local users gain root in seconds
ID: 9282bf2c-030c-5a00-bd66-e4de032916ee
STIX ID: report--9282bf2c-030c-5a00-bd66-e4de032916ee
Feed Name: Sysdig Blog
Copy Fail (CVE-2026-31431) is a Linux kernel local privilege escalation (CVSS 7.8) in the algif_aead AF_ALG interface. It lets unprivileged users corrupt the page cache of setuid binaries via splice() and an AEAD algorithm's 4-byte scratch write, enabling reliable escalation to root. Working PoCs exist for major distributions (Ubuntu 24.04, Amazon Linux 2023, RHEL 10.1, SUSE 16). The report provides affected and fixed versions, technical exploitation details, Falco/Sysdig detection rules, and mitigation guidance, including patching and restricting AF_ALG socket creation.
