High-severity Linux kernel authencesn logic bug (CVE-2026-31431) enables local privilege escalation

First reported

01.05.2026 13:45

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A high-severity zero-day vulnerability in the Linux kernel, tracked as CVE-2026-31431 and nicknamed Copy Fail, has been disclosed after existing undetected since 2017. The flaw is a logic bug in the kernel’s authencesn cryptographic template that permits an unprivileged local user to perform a deterministic four-byte write into the page cache of any readable file on the system. Successful exploitation allows an attacker to escalate privileges to root on affected Linux distributions released since 2017, requiring only a local account and physical access to the target machine. The vulnerability affects multi-user shared systems, containerized environments (Kubernetes, Docker), and similar setups, enabling potential unauthorized access to other users’ data. It has been assigned a CVSS score of 7.8 (High severity).

Timeline

01.05.2026 13:45 1 articles · 1h ago

CVE-2026-31431 patch deployed for Linux kernel authencesn logic bug after nine-year exposure
The Linux kernel security team assigned CVE-2026-31431 on April 22, 2026, and Theori publicly disclosed the flaw on April 29, 2026. A patch reverting a 2017 optimization in the authencesn template was integrated into major Linux distributions, including Debian, Ubuntu, SUSE, and Red Hat.
Show sources

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
Open in new tab

Information Snippets

The vulnerability, CVE-2026-31431, was introduced in the Linux kernel in 2017 through an optimization in the authencesn cryptographic template.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
The flaw allows an unprivileged local user to perform a deterministic four-byte write into the page cache of any readable file on the system, enabling privilege escalation to root.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
Exploitation requires physical access to the target machine and a local unprivileged user account; no network access, kernel debugging features, or pre-installed primitives are needed.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
The vulnerability impacts multi-user shared systems, container clusters (e.g., Kubernetes, Docker), and environments where user separation is critical.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
The Linux kernel security team assigned CVE-2026-31431 on April 22, 2026, and Theori publicly disclosed it on April 29, 2026.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45
The patch reverts the 2017 optimization in AEAD operations; distributions such as Debian, Ubuntu, SUSE, and Red Hat have integrated the fix in kernel versions that include commit a664bf3d603d.
First reported: 01.05.2026 13:45

1 source, 1 article
Show sources
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher — www.infosecurity-magazine.com — 01.05.2026 13:45

Summary

Timeline

CVE-2026-31431 patch deployed for Linux kernel authencesn logic bug after nine-year exposure

Information Snippets