VU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail) (opens in new tab)

Overview A privilege escalation vulnerability has been discovered in Linux kernel versions version 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CVE ID CVE-2026-31431, and is commonly referred to as "Copy Fail." Description The Linux kernel, since version 4.17, includes the algif_aead module, which provides user space access to authenticated encryption with asso...