CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
ID: 8f51bf03-41a4-55a5-80b9-074fc2e5a7dd
STIX ID: report--8f51bf03-41a4-55a5-80b9-074fc2e5a7dd
Feed Name: Microsoft Security
Date Published: 2026-05-02
Date Updated: 2026-05-02
Author: Microsoft Defender Security Research Team
**CVE-2026-31431 ("Copy Fail")** is a high-severity local privilege escalation vulnerability in the Linux kernel crypto subsystem. It allows an unprivileged user to perform controlled in-memory corruption of readable files (including setuid binaries) via AF_ALG/splice interactions, enabling deterministic escalation to root and potential container escape. It affects kernels from 2017 onward across major distributions. Microsoft Defender provides technical analysis, an example attack chain, evidence of a public PoC and limited testing activity, detection mappings for Defender products, and immediate mitigation guidance (patching, disabling AF_ALG, isolation, and node recycling).
