PULSE NAME
Linux Kernel Flaw Grants Root Access to Any Local User Across All Major Distributions
WHITE CODERED_VTA 2026-05-06 Modified: 2026-05-06
11 IOCs
MEDIUM VOLUME
A critical vulnerability tracked as CVE-2026-31431 affects virtually every mainstream Linux distribution released between 2017 and April 2026, allowing any unprivileged local user to gain complete root access to the system. The flaw resides in the kernel's crypto API (AF_ALG), specifically in the algif_aead module that ships enabled by default in standard configurations across Ubuntu, Red Hat Enterprise Linux, Amazon Linux, SUSE, Debian, Arch, Fedora, and numerous other distributions. The vulner...
Indicators of Compromise (11)