Critical Linux Kernel Vulnerability CopyFail Rocks the Security Community

On April 30, 2026, security research firm Theori publicly disclosed a Linux kernel vulnerability codenamed CopyFail (CVE-2026-31431), along with working exploit code. Security experts are calling it “the most severe Linux security threat to surface in years.”

The vulnerability was privately reported to the Linux kernel security team five weeks ago. While the kernel team has already issued patches across multiple versions — including 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 — the vast majority of Linux distributions have not yet incorporated these fixes into their update packages, leaving hundreds of millions of servers and devices worldwide still exposed.

How the Vulnerability Works

CopyFail stems from an in-place optimization flaw in the Linux kernel’s cryptographic API (AF_ALG) introduced in 2017. The defect allows page cache pages to end up in writable destination scatterlists, enabling privilege escalation.

Critically, the attack requires only an unprivileged local user account — no network access, no kernel debugging features, no pre-installed primitives. Since AF_ALG ships enabled in essentially every mainstream distribution’s default configuration, the entire range from the 2017 patch window to current versions is vulnerable out of the box.

Who Is at Risk?

The scope of CopyFail is extraordinarily broad, affecting virtually every Linux deployment scenario:

• Multi-tenant Linux hosts: Shared dev boxes, shell-as-a-service, jump hosts, build servers
• Kubernetes/container clusters: The page cache is shared across the host; a container with the right primitives can compromise the node and cross tenant boundaries
• CI/CD pipelines: GitHub Actions self-hosted runners, GitLab runners, Jenkins agents — anything executing untrusted PR code as a regular user on a shared kernel
• AI and cloud computing: Notebook hosts, agent sandboxes, serverless functions, any tenant-supplied container or script environment

Automated Exploitation Already Demonstrated

Adding to the urgency, Theori demonstrated the vulnerability’s automated exploitation capability. Their tool successfully scanned and compromised Redis, PostgreSQL, and MariaDB database systems with zero human intervention. The project was also a finalist in the DoD DARPA AI Cyber Challenge.

Remediation

Security experts strongly recommend that all Linux system administrators take immediate action:

1. Patch immediately: Update your distribution’s kernel package to one that includes mainline commit a664bf3d603d, which reverts the 2017 algif_aead in-place optimization. Most major distributions are now shipping the fix.
2. Multi-tenant environments first: Cloud providers and container cluster operators should treat this as the highest priority.
3. Single-tenant systems: While not directly exposing remote attack vectors, any local code execution on these systems will escalate to root.

This incident underscores the critical importance of open-source supply chain security. A nearly decade-old kernel optimization flaw, once its exploit code is publicly released, can pose devastating risks to global internet infrastructure.

Source: Ars Technica | CopyFail

Vulnerability Details

The vulnerability stems from an injection flaw in GitHub’s internal X-Stat header protocol. When users push code to GitHub via SSH, requests pass through multiple internal service components: babeld (git proxy entry point), gitauth (authentication service), gitrpcd (internal RPC server), and the pre-receive hook (security enforcement).

These components communicate security metadata via the X-Stat header, which uses semicolon-delimited key-value pairs. The critical issue is that babeld copies user-controlled git push option values directly into the X-Stat header without sanitizing semicolons. Attackers can inject malicious values containing semicolons in their push options, creating new attacker-controlled fields.

Because the X-Stat header uses “last-write-wins” semantics, attacker-injected fields silently override legitimate security fields. The research team mapped multiple injectable security-critical fields, including rails_env (controls hook execution path), custom_hooks_dir (hook script directory), and repo_pre_receive_hooks (pre-receive hook definitions).

Exploitation Chain

The exploitation chain consists of three injection steps:

1. Bypass the sandbox: Inject a non-production rails_env value to switch from the sandboxed production path to an unsandboxed direct execution mode.
2. Redirect hook directory: Inject custom_hooks_dir to control the base directory where the binary looks up hook scripts.
3. Inject hook definition: Inject a crafted hook entry with a path traversal sequence, ultimately executing arbitrary binaries on the filesystem.

On GitHub Enterprise Server (GHES), the full chain grants complete control over the instance, including all hosted repositories and internal secrets. On GitHub.com, the vulnerability allows remote code execution on shared storage nodes — the team confirmed that millions of public and private repositories belonging to other users and organizations were accessible on the affected nodes.

AI-Assisted Discovery

Notably, this is one of the first critical vulnerabilities discovered in closed-source binaries using AI. The Wiz team leveraged AI-augmented tooling — particularly automated reverse engineering using IDA MCP — to rapidly analyze GitHub’s compiled binaries, reconstruct internal protocols, and systematically identify where user input could influence server behavior across the entire pipeline.

Patch Status

GitHub mitigated the issue on GitHub.com within 6 hours of the report and released patches for all supported GHES versions. However, data at the time of disclosure indicated that 88% of GHES instances remained vulnerable. GitHub Enterprise Server customers are urged to upgrade to version 3.19.3 or higher immediately.

GitHub CISO Alexis Wales stated: “A finding of this caliber and severity is rare, earning one of the highest rewards available in our Bug Bounty program.”

Source: Wiz Blog