Copy Fail: 732 Bytes to Root on Every Major Linux Distribution
Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug that chains AF_ALG and splice() into a controlled 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL and SUSE.
Copy Fail (CVE-2026-31431)
Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel’s authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any file that user can read. A single 732-byte Python script can edit the cached pages of a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.
The kernel never marks the corrupted page dirty for writeback, so the file on disk remains unchanged and ordinary on-disk checksum comparisons miss the modification. However, the page cache is what every process actually reads when it opens, maps or executes the file, so the corrupted in-memory version is immediately visible system-wide. A local unprivileged user can turn this into root by corrupting the cached pages of a setuid binary. The same primitive also crosses container boundaries, because every container on a host shares the host kernel’s single page cache.
What Makes Copy Fail Different
The Linux kernel has had high-profile privilege escalation bugs before. Dirty Cow (CVE-2016-5195) required winning a race condition in the VM subsystem’s copy-on-write path. It often needed multiple attempts and sometimes crashed the system. Dirty Pipe (CVE-2022-0847) was version-specific and required precise pipe buffer manipulation.
Copy Fail is a straight-line logic flaw. It triggers without races, retries, or crash-prone timing windows.
- Portable. The same exact script works on every tested distribution and architecture, including Ubuntu, Amazon Linux, RHEL, and SUSE. No per-distro offsets. No recompilation. No version checks in the exploit.
- Tiny. The entire exploit is a short Python script using only standard library modules (os, socket, zlib). It requires Python 3.10+ for os.splice. No compiled payloads, no dependency installation.
- Stealthy. The write bypasses the ordinary VFS write path. The corrupted page is never marked dirty by the kernel’s writeback machinery. Standard file integrity tools comparing on-disk checksums will miss it, because the on-disk file is unchanged. Only the in-memory page cache is corrupted.
- Cross-container impact. The page cache is shared across all processes on a system, including across container boundaries. Copy Fail is not just a local privilege escalation. It is a container escape primitive and a Kubernetes node compromise vector.
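The stealth property above (and the same point in the overview: the altered page is never dirty, so the on-disk file and its checksum stay intact) suggests a check that on-disk integrity tools cannot do: hash a file through the page cache, evict its clean pages, and hash it again. Because a Copy Fail page is clean from the kernel's point of view, eviction replaces it with the on-disk bytes, and the two hashes disagree. The script below is an added example written for this page, not the PoC or any vendor tool; it assumes Linux with `posix_fadvise()` and uses a constructed temporary file for its self-test. Two caveats are built in: pages mapped by a running process are not evicted, so a setuid binary must be checked while nothing is executing it, and on tmpfs the cache is the backing store, so the check can detect nothing there.

```python
# Added example (not the page's PoC): detect a page-cache/disk divergence for a
# file by hashing it before and after evicting its clean, unmapped pages.
import hashlib
import os
import stat
import tempfile

CHUNK = 1 << 16


def sha256_via_page_cache(fd):
    """Hash the file the way every reader sees it: plain read(), which returns
    whatever the page cache currently holds for each page."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while True:
        chunk = os.read(fd, CHUNK)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def page_cache_check(path):
    """Return (cached_hash, reread_hash, diverged) for one file.

    Assumption: Linux. POSIX_FADV_DONTNEED drops clean, unmapped pages, so the
    second read is refilled from disk. A page altered without being marked dirty
    is still 'clean' to the kernel, so it is dropped and the on-disk bytes come
    back; a mismatch means cache and disk disagreed (tampering, or a legitimate
    concurrent write). Mapped pages are not evicted: check a setuid binary while
    nothing executes it. On tmpfs the cache is the backing store: no signal.
    """
    fd = os.open(path, os.O_RDONLY)
    try:
        cached = sha256_via_page_cache(fd)
        if hasattr(os, "posix_fadvise"):  # absent on macOS; no eviction there
            os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
        reread = sha256_via_page_cache(fd)
    finally:
        os.close(fd)
    return cached, reread, cached != reread


def scan_setuid(roots=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Yield (path, diverged) for each regular setuid-root file under roots;
    hard links are checked once, keyed by (device, inode)."""
    seen = set()
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                p = os.path.join(dirpath, name)
                try:
                    st = os.lstat(p)
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode) or st.st_uid != 0:
                    continue
                if not st.st_mode & stat.S_ISUID or (st.st_dev, st.st_ino) in seen:
                    continue
                seen.add((st.st_dev, st.st_ino))
                try:
                    yield p, page_cache_check(p)[2]
                except OSError:
                    continue


def selftest():
    """Constructed input: a temporary file nobody tampers with must hash the
    same before and after eviction, and match the hash of its content."""
    data = b"#!/bin/sh\necho constructed sample, not a real setuid binary\n" * 100
    expected = hashlib.sha256(data).hexdigest()
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        cached, reread, diverged = page_cache_check(path)
    finally:
        os.unlink(path)
    return {"expected": expected, "cached": cached,
            "reread": reread, "diverged": diverged}


if __name__ == "__main__":
    for path, diverged in scan_setuid():
        print(("DIVERGED " if diverged else "ok       ") + path)
```

The check is a snapshot only: an attacker who still holds the primitive can re-corrupt the page after it has been evicted, so a clean result says nothing about the kernel being patched.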
The Root Cause: Page Cache Pages in the Writable Scatterlist
AF_ALG is a socket type that exposes the kernel’s crypto subsystem to unprivileged userspace. A user can open a socket, bind to any AEAD (Authenticated Encryption with Associated Data) template, and invoke encryption or decryption on arbitrary data. No privileges required.
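To make the AF_ALG surface concrete, here is an added example (written for this page; it is not the PoC and not kernel code) of the unprivileged AEAD path described above, using only the standard library: a transform socket is bound to a template by name, keyed, and each operation runs on a socket obtained from `accept()`. It deliberately binds `gcm(aes)` rather than the affected authencesn template, and uses the published GCM test case 2 (all-zero key, IV and plaintext) as its known answer. The self-test returns `None` where AF_ALG is unavailable (for example under seccomp or a sandbox kernel) so that "unsupported" is distinguishable from "wrong".

```python
# Added example (not the page's PoC): AEAD encrypt/decrypt through an AF_ALG
# socket from unprivileged userspace, standard library only.
import errno
import socket

TAG_LEN = 16  # tag length requested from the kernel via ALG_SET_AEAD_AUTHSIZE


def _aead_tfm(template, key):
    """Transform socket: bind to an AEAD template by name and install the key."""
    tfm = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    tfm.bind(("aead", template))
    tfm.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
    # the (None, optlen) form passes the integer authsize as optlen
    tfm.setsockopt(socket.SOL_ALG, socket.ALG_SET_AEAD_AUTHSIZE, None, TAG_LEN)
    return tfm


def aead_encrypt(template, key, iv, aad, plaintext):
    """Input layout handed to the kernel is aad || plaintext; it answers with
    aad || ciphertext || tag. Returns (ciphertext, tag)."""
    with _aead_tfm(template, key) as tfm:
        op, _ = tfm.accept()  # one operation socket per request
        with op:
            op.sendmsg_afalg([aad + plaintext], op=socket.ALG_OP_ENCRYPT,
                             iv=iv, assoclen=len(aad))
            out = op.recv(len(aad) + len(plaintext) + TAG_LEN)
    body = out[len(aad):]
    return body[:-TAG_LEN], body[-TAG_LEN:]


def aead_decrypt(template, key, iv, aad, ciphertext, tag):
    """Input is aad || ciphertext || tag; output is aad || plaintext. Returns the
    plaintext, or None when the kernel rejects the tag (recv fails with EBADMSG)."""
    with _aead_tfm(template, key) as tfm:
        op, _ = tfm.accept()
        with op:
            op.sendmsg_afalg([aad + ciphertext + tag], op=socket.ALG_OP_DECRYPT,
                             iv=iv, assoclen=len(aad))
            try:
                out = op.recv(len(aad) + len(ciphertext))
            except OSError as exc:
                if exc.errno == errno.EBADMSG:
                    return None
                raise
    return out[len(aad):]


def afalg_selftest():
    """Known answer: GCM test case 2 (zero 128-bit key, zero 96-bit IV, one zero
    block) must give ciphertext 0388dace... and tag ab6e47d4..., and a flipped
    tag bit must be rejected. Returns None when this environment offers no usable
    AF_ALG (EAFNOSUPPORT, ENOENT for the template, EPERM from a seccomp filter)."""
    key, iv, pt = bytes(16), bytes(12), bytes(16)
    try:
        ct, tag = aead_encrypt("gcm(aes)", key, iv, b"", pt)
        roundtrip = aead_decrypt("gcm(aes)", key, iv, b"", ct, tag)
        tampered = aead_decrypt("gcm(aes)", key, iv, b"", ct,
                                bytes([tag[0] ^ 0x01]) + tag[1:])
    except (OSError, AttributeError):
        return None
    return {
        "ciphertext": ct.hex(),
        "tag": tag.hex(),
        "roundtrip_ok": roundtrip == pt,
        "tamper_rejected": tampered is None,
    }


if __name__ == "__main__":
    print(afalg_selftest())
```

Nothing in this exchange needs a capability or an open file beyond the socket itself, which is the point of the paragraph above: the crypto subsystem, and every template it can instantiate, is reachable by any local user.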
A core primitive underlying this bug is splice(): it transfers data between file descriptors and pipes without copying, passing page cache pages by reference. When a user splices a file into a pipe and then into an AF_ALG socket, the socket’s input scatterlist holds direct references to the kernel’s cached pages of that file. The pages are not duplicated; the scatterlist entries point at the same physical pages that back every read(), mmap(), and execve() of that file.
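The file-to-pipe-to-AF_ALG chain just described, as an added example (written for this page, not the PoC): a file is spliced into a pipe and the pipe into an AF_ALG socket, so the kernel's scatterlist is built over the file's page cache pages and no copy of the content ever reaches user space. To keep the example benign it targets a `hash` socket (`sha256`) rather than an AEAD, and verifies the kernel's digest against `hashlib`. It assumes Linux and Python 3.10+ for `os.splice`, and returns `None` where either is missing. The constructed sample is larger than one pipe fill so the loop and the `SPLICE_F_MORE` handling are exercised.

```python
# Added example (not the page's PoC): file -> pipe -> AF_ALG socket with
# splice(), the zero-copy path that hands page cache pages to the crypto layer.
import hashlib
import os
import socket
import tempfile

PIPE_CHUNK = 1 << 16  # default pipe capacity; move at most this much per round


def afalg_sha256_via_splice(path):
    """Digest `path` with the kernel's sha256 without reading it into user space.
    Returns the hex digest, or None if os.splice or AF_ALG is unavailable."""
    if not hasattr(os, "splice") or not hasattr(socket, "AF_ALG"):
        return None
    remaining = os.stat(path).st_size
    fd = os.open(path, os.O_RDONLY)
    pipe_r, pipe_w = os.pipe()
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as tfm:
            tfm.bind(("hash", "sha256"))
            op, _ = tfm.accept()
            with op:
                while remaining > 0:
                    # file -> pipe: the pipe buffers now reference the file's
                    # page cache pages; nothing is duplicated
                    n = os.splice(fd, pipe_w, min(remaining, PIPE_CHUNK))
                    if n == 0:
                        break
                    remaining -= n
                    # pipe -> socket: the hash's scatterlist is built over those
                    # same pages. SPLICE_F_MORE keeps the hash open across calls.
                    while n > 0:
                        moved = os.splice(pipe_r, op.fileno(), n,
                                          flags=os.SPLICE_F_MORE)
                        if moved == 0:
                            raise OSError("splice into AF_ALG socket stalled")
                        n -= moved
                op.send(b"")  # zero-length send without MSG_MORE: finalize
                return op.recv(32).hex()
    except OSError:
        return None
    finally:
        os.close(pipe_r)
        os.close(pipe_w)
        os.close(fd)


def splice_selftest():
    """Constructed input: 76,800 bytes (more than one pipe fill) written to a
    temporary file; returns (expected_hex, kernel_hex_or_None)."""
    data = bytes(range(256)) * 300
    expected = hashlib.sha256(data).hexdigest()
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        got = afalg_sha256_via_splice(path)
    finally:
        os.unlink(path)
    return expected, got


if __name__ == "__main__":
    print(splice_selftest())
```

For a hash the socket only ever reads the referenced pages. The bug the article describes is what happens when an AEAD template instead treats entries of that same scatterlist as writable scratch space.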