Severe Linux Copy Fail security flaw uncovered using AI scanning help

Nearly every Linux distribution released since 2017 is currently vulnerable to a security bug called “Copy Fail” that allows any user to give themselves administrator privileges. The exploit, publicly disclosed as CVE-2026-31431 on Wednesday, uses a Python script that works across all of the vulnerable Linux distributions, requiring “no per-distro offsets, no version checks, no recompilation,” according to Theori, the security firm that uncovered it. Ars Technica points out this blog post where DevOps engineer Jorijn Schrijvershof explains that what makes Copy Fail “unusually nasty” is the likelihood for it to go unnoticed by monitoring tools: “Page-cache corruption never marks the page dirty. The kernel’s writeback machinery never flushes the modified bytes back to disk.” As a result, “AIDE, Tripwire, OSSEC and any monitoring tool that compares on-disk checksums see nothing.” Copy Fail was identified by Theori’s researchers with assistance from their Xint Code AI tool. According to a blog post , Taeyang Lee had an idea of looking into the crypto subsystem of Linux and created this prompt to run an automated scan that identified several vulnerabilities in “about an hour.” “This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. …