DigiNews

Summary

Xint Code analyzes CVE-2026-31431, a Linux kernel vulnerability named Copy Fail that enables local root via a 732-byte PoC by corrupting the page cache through the AF_ALG AEAD path. The post explains the root cause—the in-place AEAD operation that can write past the output boundary into page cache pages—how the exploit works (targeting /usr/bin/su) and the remediation, including a patch that reverts to out-of-place operation and mitigating steps. It also notes the coordinated disclosure timeline and AI-assisted aspects of the research.