CISA: 'Copy Fail' Linux Flaw Now Actively Exploited
🔒CISA warns that threat actors are actively exploiting the Linux "Copy Fail" vulnerability tracked as CVE-2026-31431. The flaw exists in the kernel's algif_aead cryptographic algorithm interface and lets unprivileged local users gain root by writing four controlled bytes to the page cache of any readable file. Theori published a "100% reliable" Python PoC; vendors are issuing kernel fixes and CISA has ordered federal patches under BOD 22-01.
