Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017
A critical zero-day vulnerability named “Copy Fail” (CVE-2026-31431) in the Linux kernel, affecting every major distribution since 2017, allows any unprivileged local user to gain root access by exploiting a flaw in the kernel's cryptographic template via the AF_ALG socket and splice() system call. The vulnerability, discovered by Theori and exploited by Xint Code Research Team, enables file page cache corruption undetectable by integrity tools, and also facilitates Kubernetes container escapes; a patch has been released and administrators are urged to update immediately.





