Copy Fail: Universal Linux Local Privilege Escalation Vulnerability

CVE-2026-31431 (“Copy Fail”) is a widespread Linux kernel vulnerability in the AEAD/algif_aead path that lets an unprivileged user overwrite 4 bytes in the page cache of any readable file (including setuid binaries) to achieve local root escalation and potentially container escape; upstream is patched but many distributions remained unpatched as of May 1, 2026, and the advisory includes mitigation, detection guidance, and references to a public proof-of-concept.