CVE-2026-31431, known as Copy Fail, is a privilege escalation vulnerability present in the Linux kernel since 2017, affecting practically every distribution. A normal user can become root in under a second with nothing more than a Python script. No password. No special privileges.
If you just want to fix it without reading, go to the script.
Download the check script from the official CVE site (link in the video description) and run it as a normal user:
python3 copy_fail_check.pyIf your prompt changes from $ to # — you are vulnerable.
If it stays as user — you are already patched.
If your distribution has released a patched kernel, update it and reboot. Then run the check again.
If your distribution has not released a patched kernel yet, disable the vulnerable module. Two commands.
Block it persistently:
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif_aead.confRemove it from the running kernel immediately:
sudo rmmod algif_aeadRun the check script again. If you see this, you are protected:
Traceback (most recent call last):
File "youtux.py", line 9, in <module>
while i<len(e):c(f,i,e[i:i+4]);i+=4
File "youtux.py", line 5, in c
a=s.socket(38,5,0);a.bind(...)
FileNotFoundError: [Errno 2] No such file or directoryWhen your distro eventually releases the patched kernel, revert with:
sudo rm /etc/modprobe.d/disable-algif_aead.conf
sudo rebootThe script checks if you are vulnerable, applies the mitigation if needed, and optionally reboots. Works on any distribution.
Download:
download copy_fail_mitigate.shRun:
chmod +x copy_fail_mitigate.sh
sudo ./copy_fail_mitigate.shWith automatic reboot:
sudo ./copy_fail_mitigate.sh --rebootTo revert once your kernel is patched:
sudo ./copy_fail_mitigate.sh --revert
Comments