CVE-2026-31431: The Optimization That Opened Root
A 732-byte Python script dropped today gives any unprivileged user a root shell on every mainstream Linux distribution running a kernel built after 2017. No race condition. No kernel-specific offsets. A straight logic flaw in code that has been shipping on your servers, your CI/CD runners, and your cloud instances for eight years. The vulnerability is CVE-2026-31431. The researchers named it Copy Fail. Here is what happened. The AF_ALG Interface In 2003, the Linux kernel crypto API grew a socket interface: AF_ALG. The idea was sound — expose kernel crypto primitives to userland without requiring applications to link against third-party crypto libraries. You open an AF_ALG socket, set the algorithm, feed it data, get results back. Clean separation between userland and kernel. ...