Security researchers are warning of a new “logic flaw” in Linux called Copy Fail (CVE-2026-31431), a critical vulnerability that poses a threat to all users running a Linux-based operating system.
Xint Code discovered the flaw in Linux’s authencesn cryptographic template, which “lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system.” In other words, anyone can potentially change the cached copy of any file in memory without actually changing the real file.
This flaw can be abused to corrupt the cached version of a privileged process, tricking the system into granting higher privileges to the user—even full access to administrative processes. Using Copy Fail, a hacker could access sensitive information and install backdoors.
According to Ars Technica, this is the most serious vulnerability in Linux since 2022, when Dirty Pipe was in the news. What makes Copy Fail more of a threat than past privilege escalation vulnerabilities is that it’s a “straight-line logic flaw”—no need to win a race condition as with Dirty Cow, no need to perform precise pipe buffer manipulation.
It’s also portable, meaning the same exact demo Python script can be used to break all major Linux distributions. No need to recompile for different platforms or even run version checks. Read more in the comprehensive explanation posted on Xint’s blog.
Fortunately, the Copy Fail vulnerability has been patched in Linux kernel versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. If your PC is running on a Linux operating system, you should update your kernel as soon as possible.
