CopyFail: An AI Found a 9-Year-Old Bug That Roots Every Linux Machine on Earth in One Hour

There's a 732-byte Python script floating around the internet right now that can give any unprivileged user full root access on virtually every Linux machine that's been updated since 2017. No race conditions. No kernel-specific offsets. No compiled payloads. Just run it, get root.

This is CVE-2026-31431 — nicknamed CopyFail — and it's already on CISA's Known Exploited Vulnerabilities list and confirmed active in the wild by CrowdStrike. The story of how it was found might be the more important headline.

The Bug Itself

CopyFail lives in the Linux kernel's `authencesn` cryptographic template — a component that's been quietly sitting inside the kernel since commits made in 2015 and 2017. The vulnerability is a logic flaw in how `authencesn` interacts with `AF_ALG` (the kernel's crypto API interface) and the `splice()` system call.

Here's the short version: `authencesn` writes four bytes of scratch data into what it believes is a safe crypto output buffer. But due to a bug in the `algif_aead` splice function, that output buffer can accidentally point directly into the page cache — the kernel's in-memory cache of file contents — of a read-only file.

The exploit script targets `/usr/bin/su` — the setuid binary that's on every Linux distro and lets users execute commands as root. It corrupts the in-memory version of `su` via the page cache, the file on disk stays untouched, on-disk checksums show nothing unusual, and the corrupted version is what actually executes when anyone calls it.

Four bytes. Four controlled bytes written to the right location, and you're root.

What separates CopyFail from previous high-profile Linux exploits like Dirty Cow (CVE-2016-5195) or Dirty Pipe (CVE-2022-0847) is the absence of any race condition. Those exploits required precise timing, multiple attempts, and sometimes crashed the target system. CopyFail is a straight-line logic flaw — it works every time, on the first try, with no system instability.

The researchers at Theori who published the exploit verified it across Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16 — and the same unmodified script produced a root shell on all four. Debian, Arch, Fedora, Rocky, Alma, Oracle — if the kernel was built between 2017 and the patch window, same story.

Who Found It, and How

This is the part that should make every security team rethink their tooling. The bug was surfaced by Xint Code — an AI-powered code auditing tool built by Theori, the security research firm that also has the most wins in DEF CON CTF history. A human researcher, Taeyang Lee, had a hunch: he was studying how the Linux crypto subsystem interacts with page-cache-backed data and noticed something worth investigating in the `splice()` interaction path. He gave Xint Code a single operator prompt — essentially: "splice() can deliver page cache references of read-only files to crypto TX scatter lists — go look."

Total scan time to identify CopyFail and produce a full root cause analysis: approximately one hour.

The going rate on the gray market for a universal Linux privilege escalation — the kind that works across all major distros without per-kernel customization — is between $10,000 and $7 million, per Crowdfence bounty pricing benchmarks. Theori dropped the proof of concept on the public internet for free.

The disclosure timeline: reported to the Linux kernel security team on March 23, patch committed to mainline by April 1, CVE assigned April 22, public disclosure on April 29. The patch reverts the 2017 `algif_aead` in-place optimization — the performance shortcut that introduced the flaw in the first place.

Who's Actually at Risk

CopyFail is a local privilege escalation — the attacker needs to already have an unprivileged user account on the system. This is not a remote code execution vulnerability. An attacker can't hit your machine cold from the internet with this. But "local only" does not mean "low risk," especially in 2026.

Consider: Multi-tenant Linux hosts — shared dev boxes, jump hosts, build servers. Any user becomes root.

Kubernetes and container clusters — the page cache is shared across the host. A container with the right primitives can use CopyFail to compromise the node and cross tenant boundaries. Theori is publishing a second post specifically on the Kubernetes container escape.

CI/CD runners — GitHub Actions self-hosted runners, GitLab runners, Jenkins agents. Anything that executes untrusted pull request code as a regular user on a shared kernel is fully exposed. A PR becomes root on the runner.

Cloud SaaS running user code — notebook hosts, agent sandboxes, serverless functions. Any tenant-supplied container or script on a shared kernel is a potential vector.

Standard Linux servers — lower risk if only your team has shell access, but it chains lethally with web RCE or stolen credentials.

What To Do Right Now

Patch. Every major distribution is shipping the kernel update now. This is a drop-everything situation for any multi-tenant or shared-kernel environment.

If you can't patch immediately: Disable the `algif_aead` module:

```bash echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead ```

For the vast majority of systems, disabling `algif_aead` breaks nothing. It does not affect dm-crypt/LUKS, kTLS, IPsec, in-kernel TLS, OpenSSL, GnuTLS, or SSH. The only things affected are userspace applications explicitly configured to use `AF_ALG` — a narrow population. For any environment running untrusted workloads (containers, sandboxes, CI), block `AF_ALG` socket creation via seccomp as an additional layer regardless of patch state.

The Bigger Signal

An AI tool found a 9-year-old, universal Linux privilege escalation in one hour of scan time with a single human-written prompt. The human had the insight; the machine did the sweep.

This will not be the last time this happens. Xint's own disclosure notes that the same scan surfaced additional high-severity bugs still in coordinated disclosure. The Linux kernel is 30+ million lines of code. The crypto subsystem alone is enormous. The historical assumption was that bugs of this severity required deep human expertise and significant time to surface. That assumption is now operationally wrong.

The offensive implication is obvious — if defenders can do this, so can adversaries with equivalent or better tooling, and they may already be running these scans against every major codebase. CrowdStrike confirming in-the-wild exploitation within days of disclosure is consistent with this read. The defensive implication is equally clear: AI-assisted code auditing at scale is no longer a research curiosity. It's infrastructure. The teams that treat it that way will find their bugs before someone else does.

CopyFail is a 9-year-old logic flaw in a routine-looking crypto optimization. It needed 732 bytes to express and one hour to find. The question isn't whether more like it are sitting in production codebases right now. They are. The question is who finds them first.