CVE-2026-31431, dubbed Copy Fail, exposes a local privilege escalation flaw in Linux with a CVSS score of 7.8. Researchers at Xint.io and Theori disclosed that unprivileged local users can write four controlled bytes into the page cache of readable files, enabling root access on major Linux distributions.
The vulnerability requires an attacker with local system access. Exploitation does not demand special privileges or kernel modifications. An attacker leverages the page cache mechanism to manipulate file data in memory, then escalates permissions to root level.
The flaw affects multiple major Linux distributions. System administrators should prioritize patching affected kernels immediately. Organizations running Linux servers with untrusted local users face elevated risk. Defenders must inventory systems running vulnerable kernel versions and apply updates from their distribution vendors.
The Copy Fail vulnerability demonstrates that even mature operating systems harbor local escalation paths. Local access remains a critical attack vector. Restrict SSH access, enforce strong authentication, and segment user accounts to reduce exploitation surface. Monitor kernel security advisories for patch availability from Red Hat, Canonical, and SUSE.