Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
Minimal no-libc Linux x86_64 ELF PoC build for Copy Fail (CVE-2026-31431)
Package alg provides access to Linux AF_ALG sockets for communication with the Linux kernel crypto API. MIT Licensed.
CopyFail (CVE-2026-31431): Linux kernel page-cache PrivEsc PoC + the only public detection tool. Novel PAM auth-bypass vector + Sigma/auditd/eBPF rules.
Defense-in-depth primitives for CVE-2026-31431 (Copy Fail) — kernel detection probe and LD_PRELOAD AF_ALG block
CVE-2026-31431 (Copy Fail) — Rust exploit PoC + eBPF runtime defense. Blocks Linux kernel AF_ALG page-cache LPE without rebooting (LSM/kprobe dual-mode).
CVE-2026-31431 Copy Fail - LPE no kernel Linux
Fast, auditable Linux mitigation for CVE-2026-31431 Copy Fail: algif_aead block, verification, and AF_ALG seccomp hardening.
Copy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
Exploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.
CopyFail PoC in C
Zig implementation of the Copy Fail Linux LPE (CVE-2026-31431) https://copy.fail for security-research and defensive-detection purposes
Check local Linux mitigation/exposure status for CVE-2026-31431 "Copy Fail"
Add a description, image, and links to the af-alg topic page so that developers can more easily learn about it.
To associate your repository with the af-alg topic, visit your repo's landing page and select "manage topics."