CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG
CVE-2026-31431, colloquially known as "Copy Fail," is a critical logic flaw in the Linux kernel's Cryptographic API (specifically the `algif_aead` module). It allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the read-only page cache of any accessible file on the system. By corrupting the in-memory representation of SUID binaries, an attacker achieves local privilege escalation to the root user and can successfully escape containerized environments.
Executive Summary (TL;DR)
A logic flaw in the Linux kernel's `AF_ALG` socket interface allows unprivileged users to overwrite the page cache of SUID binaries via the `splice()` system call, yielding deterministic Local Privilege Escalation (LPE) and container escapes.
Also see the CVE record for CVE-2026-31431: https://www.cve.org/CVERecord?id=CVE-2026-31431