← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Linux Kernel Flaw Grants Root Access to Any Local User Across All Major Distributions
WHITE CODERED_VTA 2026-05-06 Modified: 2026-05-06
11
IOCs
MEDIUM VOLUME
A critical vulnerability tracked as CVE-2026-31431 affects virtually every mainstream Linux distribution released between 2017 and April 2026, allowing any unprivileged local user to gain complete root access to the system. The flaw resides in the kernel's crypto API (AF_ALG), specifically in the algif_aead module that ships enabled by default in standard configurations across Ubuntu, Red Hat Enterprise Linux, Amazon Linux, SUSE, Debian, Arch, Fedora, and numerous other distributions. The vulner...
privilege-escalationdefense-evasionT1068T1611T1055mediumvtathreat-intelligence
Indicators of Compromise (1 / 11 total)
All CVE FileHash-SHA256 FileHash-SHA1 FileHash-MD5 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9 2026-05-06
References (3)
↗ https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py ↗ https://github.com/theori-io/copy-fail-CVE-2026-31431 ↗ https://copy.fail/