Local privilege escalation in the Linux kernel's crypto/algif_aead module. Any unprivileged local user can perform a controlled 4-byte write into the page cache of any readable file. Point that write at a setuid binary like /usr/bin/su and you have root. The PoC is 732 bytes of Python. The bug is deterministic, no race condition, no per-kernel offsets. It has been latent in the tree since 2017.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-31431 |
| Nickname | CopyFail / Copy Fail |
| import SwiftUI | |
| import Combine | |
| | |
| struct FlightBookingView: View { | |
| @ObservedObject var model: FlightBookingViewModel | |
| var body: some View { | |
| NavigationView { | |
| Form { | |
| DatePicker(selection: $model.departureDate, in: model.departureDateRange, displayedComponents: .date) { |
| #!/usr/local/bin/python3 | |
| import os | |
| import subprocess | |
| import json | |
| from os.path import expanduser | |
| home = expanduser("~") | |
| track = 'reasonml' | |
| projects = ['protein-translation', 'armstrong-numbers', 'change', 'rna-transcription', 'space-age', 'bob', 'anagram', 'accumulate', 'run-length-encoding', 'minesweeper', 'hello-world', 'leap', 'isogram', 'raindrops', 'acronym', 'word-count', 'allergies', 'all-your-base', 'pangram', 'binary-search'] |
| #!/usr/bin/env python3 | |
| import os | |
| # 1. Save this file in /home/ethos/monitor.py on your ethOS | |
| # 2. Change permission to make it executable | |
| # chmod 0755 /home/ethos/monitor.py | |
| # 3. Run crontab | |
| # # crontab -e | |
| # 4. Schedule a cron task to execute every 5 minutes | |
| """ |