Linux 'Copy Fail' Vulnerability Grants Root Access
A critical Linux local privilege escalation (LPE) flaw, dubbed ‘Copy Fail’ and tracked as CVE-2026-31431 (CVSS: 7.8), has been disclosed by Xint.io and Theori, as reported by The Hacker News. This high-severity vulnerability allows an unprivileged local user to achieve root access on major Linux distributions. The core issue lies in the ability to write four controlled bytes into the page cache of any readable file.
This isn’t just another bug; it’s a direct path to full system compromise from a local user context. The attacker’s calculus here is straightforward: gain initial low-privilege access, then leverage Copy Fail to elevate to root. This makes it a prime candidate for post-exploitation lateral movement and persistent access. The Hacker News emphasizes that this flaw impacts a broad range of Linux systems, making its remediation a top priority for defenders.
For CISOs, this means a critical review of your Linux estate is warranted. While the CVSS score is high, the ‘local’ aspect means an attacker needs some initial foothold. However, in complex environments with numerous services, containers, and user accounts, that initial foothold is often easier to achieve than we’d like to admit. This vulnerability lowers the bar significantly for privilege escalation once an attacker is on the box.
What This Means For You
- If your organization uses Linux systems, this vulnerability is a game-changer for attackers. Prioritize patching CVE-2026-31431 on all affected distributions immediately. Audit your systems for any unusual local user activity, as this flaw could be exploited by existing low-privilege accounts or after initial access is gained.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-31431 | Vulnerability | CVE-2026-31431 |