CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk

This report details CVE-2026-31431 (nicknamed “Copy Fail”), a Linux kernel crypto/subsystem splice logic flaw that lets low-privileged users modify in-memory copies of privileged binaries to achieve root privileges; it is reportedly actively exploited, a proof-of-concept and exploit details have been published, and CISA has urged immediate patching while recommending interim mitigations such as auditing user privileges and restricting the algif_aead module.