RESEARCHERS have identified a nine-year-old Linux root-escalation bug, dubbed Copy Fail, designated CVE-2026-31431, after an hour of AI-assisted scanning. The flaw lets any local user write four specific bytes to the in-memory copy of a readable file, effectively piggybacking on the program’s default root powers, with Xint describing it as a 100% reliable local privilege escalation across all Linux distributions.
The PoC exploit code runs only 10 lines, and a patch is freely downloadable, though old devices remain at risk if they are unpatched. The vulnerability stems from a long history of Linux kernel updates intended to speed up data encryption, including a 2017 change, and it can be exploited in scenarios such as Kubernetes clusters and CI runners, potentially leaking secrets or deployment keys.
According to Xint, AI is changing vulnerability research, yet human insight remains useful for subtler bugs like Copy Fail, where AI handles the grunt work of identifying specifics. 30 April 2026