★ 9/10 · General · 2026-04-30

Linux cryptographic code flaw offers fast route to root

Summary

A logic flaw in the Linux kernel's authencesn cryptographic template, identified as CVE-2026-31431 (Copy Fail), allows unprivileged local users to achieve local privilege escalation (LPE). By manipulating the page cache, an attacker can modify the execution of binaries to gain root access.

Key Points

  • CVE-2026-31431 is rated High severity, with a score of 7.8/10.
  • The vulnerability allows an unprivileged local user to write four controlled bytes into the page cache of any readable file.
  • The exploit can be executed using a 732-byte Python script that targets setuid binaries.
  • The flaw affects most Linux distributions released since 2017.
  • Unlike previous vulnerabilities such as Dirty COW or Dirty Pipe, this exploit does not require winning a race condition.
  • Patches are available for Debian, Ubuntu, and SUSE, with Red Hat also providing updates.

Technical Details

The vulnerability originates from a logic error within the authencesn cryptographic template in the Linux kernel. It enables an attacker to overwrite four controlled bytes within the page cache of any readable file on the system. Because the kernel loads binaries directly from the page cache, modifying this cached data allows for the alteration of a program's execution flow. This method is particularly effective because it bypasses filesystem-level monitoring and security defenses, such as inotify, which focus on direct file system events.
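Because buffered reads are served from the same page cache the kernel executes from, a content hash taken with an ordinary read() sees a tampered page even when no filesystem event fired. The following is an added example, not code from the original article: a baseline-and-compare check over setuid binaries, with hypothetical function names, that flags content drift where size and mtime did not change.

```python
import hashlib
import os
import stat


def setuid_files(root):
    """Yield regular files under root that carry the setuid bit."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                yield path


def fingerprint(path):
    """Hash the content as returned by buffered read(), i.e. via the page cache."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size, "mtime_ns": st.st_mtime_ns}


def take_baseline(root):
    """Record a fingerprint for every setuid file under root (run on a trusted system)."""
    return {path: fingerprint(path) for path in setuid_files(root)}


def compare(baseline):
    """Re-hash the baseline paths and return (path, finding) for each mismatch."""
    findings = []
    for path, old in sorted(baseline.items()):
        try:
            new = fingerprint(path)
        except OSError as exc:
            findings.append((path, "unreadable: %s" % exc.strerror))
            continue
        if new["sha256"] == old["sha256"]:
            continue
        same_meta = (new["size"], new["mtime_ns"]) == (old["size"], old["mtime_ns"])
        # A package update changes mtime; drift with identical metadata does not
        # look like a normal write and deserves investigation.
        findings.append((path, "content changed, metadata unchanged" if same_meta
                         else "content and metadata changed"))
    return findings
```

The check only sees a modification while the affected page is still cached, and the baseline must come from a known-good state such as package-manager digests.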

The flaw also functions as a potential container escape primitive. Since the page cache is shared across the host, an attacker operating within a shared-kernel container or a Kubernetes node could use this mechanism to affect the host environment. The exploit is highly efficient, requiring only a 10-line script to modify setuid binaries to grant root privileges.

Impact / Why It Matters

This vulnerability is a critical concern for multi-tenant Linux systems, shared-kernel containers, and CI/CD runners executing untrusted code. It provides a reliable path for local attackers to escalate privileges or escape container boundaries.
