# Copy Fail - CVE-2026-31431

[Technical Writeup](https://xint.io/blog/copy-fail-linux-distributions)

## Tested Distro / Version

|    Distro   |    Version       |
|-------------------|-------------------------|
| Ubuntu 24.04 LTS  | 6.17.0-1007-aws         |
| Amazon Linux 2023 | 6.18.8-9.213.amzn2023   |
| RHEL 10.1         | 6.12.0-124.45.1.el10_1  |
| SUSE 16           | 6.12.0-160000.9-default |
| Rocky Linux 9.7 (Blue Onyx) |  5.14.0-611.49.1.el9_7.x86_64 |


### aarch64 ? 
|    Distro   |    Version       |
|-------------------|-------------------------|
| Ubuntu 24.04 LTS  |  6.17.0-1011-oracle |
| RaspbianOS ?   |  ????  |

### unaffected
|    Distro   |    Version       | Reason |
|-------------------|-------------------------|---------|
| Devuan | 6.12.74+deb13+1-amd64 | algif_aead is not used by kernel |
| |  | |

## Files
check.sh - makes a check to see if the exploitable crypto module is loaded.
mitigate.sh - unloads the exploitable crypto module, chances are you didnt need it anyway.

copy_fail.py - the complete exploit writeup in plain python code.


copy_fail_exp.py - the exploit in pure python for x86 systems.
copy_fail_exp_aarch64.py - the exploit in pure python for aarch64 systems.


run to get the file as a non-privilaged user.
```
 curl https://git.jonstarkey.co.uk/jon/CVE-2026-31431-tools/raw/branch/main/copy_fail_exp.py
```
or
```
 curl https://git.jonstarkey.co.uk/jon/CVE-2026-31431-tools/raw/branch/main/copy_fail_exp_aarch64.py

```