A new high-security zero-day vulnerability that has lurked in the Linux kernel since 2017 has just been found with the help of AI, in a discovery by Taeyang Lee, a vulnerability researcher at offensive security firm Theori. Lee used Xint Code, a source code analysing tool that is part of Theori’s AI-driven penetration testing platform, Xint[.]io, to uncover the flaw and reported it to the Linux kernel security team on 23 March.
The team assigned CVE-2026-31431 on 22 April, with Xint[.]io publicly disclosing it seven days later, and Theori has published a proof-of-concept exploit for defenders to verify patches. Copy Fail is a logic bug in the Linux kernel's authencesn cryptographic template that allows an unprivileged local user to trigger a deterministic four-byte write into the page cache of any readable file, potentially enabling root access on systems since 2017.
The vulnerability carries a high-severity CVSS rating of 7.8, and the patch reverts an AEAD optimization added in 2017; distribution kernels should be updated to commit a664bf3d603d from the main branch. Most major Linux distributions, including Debian, Ubuntu, SUSE and Red Hat, are now providing this fix.