CVE-2026-31431 'copy_fail': AI-Discovered Linux Kernel LPE Under Active Exploitation

CVE-2026-31431 'copy_fail' is a local privilege-escalation vulnerability in the Linux kernel's AF_ALG/AEAD ESN crypto path, present in every distro since 2017, discovered by an AI scanning agent in ~1 hour. CrowdStrike confirms in-the-wild exploitation; CISA has added it to the KEV catalogue.

1 min read|agenticonsult Intelligence

CVE-2026-31431 'copy_fail': AI-Discovered Linux Kernel LPE Under Active Exploitation

CVE-2026-31431 ("copy_fail") is a local privilege-escalation vulnerability in the Linux kernel's AF_ALG/AEAD ESN crypto path present in every distribution updated since 2017. An AI scanning agent from Theori discovered the bug — a 4-byte controlled write into any readable file's page cache — in approximately 1 hour of scan time and published a 732-byte Python PoC. CrowdStrike has confirmed in-the-wild exploitation; CISA has added it to the Known Exploited Vulnerabilities catalogue and Metasploit modules are shipping.

Why It Matters

Not remotely exploitable but trivially lethal post-foothold — patch all Linux systems immediately. The Theori case demonstrates that AI-assisted exploit discovery is compressing timelines from months to hours, collapsing the economic case for private zero-day markets.

Primary source

Theori / Fireship

#cve-2026-31431 #linux #security #privilege-escalation #kernel

Discuss onLinkedIn X

This breaking-news item was assembled from the cited primary source with AI assistance. It is intended for rapid situational awareness — refer to the original publication for the definitive statement.

View all live intel

Live Intel Feed

10:50 AMCoupang Q1 2026: $266M Net Loss Attributed to 2025 Korean Data Breach 10:50 AMAnalysts Flag Circular AI Investment Loop Among Hyperscalers and Frontier Labs 10:50 AMBlackRock CEO Larry Fink Predicts Emergence of Compute Futures Market