'Copy Fail' Flaw: 5 YARA Rules for Detection
ID: e5fb186f-6749-5917-a5ba-736a17691f0c
STIX ID: report--e5fb186f-6749-5917-a5ba-736a17691f0c
Feed Name: ReversingLabs Blog
**Executive Summary:** Copy Fail (CVE-2026-31431) is a Linux kernel logic bug in the AF_ALG cryptographic template, affecting kernels 4.14 through 7.0-rc. It allows any unprivileged local user to perform a controlled in-memory 4-byte write to the page cache, enabling reliable local privilege escalation to root. On disclosure, ReversingLabs observed the original 732-byte Python PoC, multiple trivial variants, and compiled shellcode payloads, and it provides a five-tier YARA ruleset and references to mitigations and upstream fixes.
