{
  "title": "Linux Copy Fail CVE-2026-31431: KEV Privilege Escalation on Shared Build Hosts",
  "summary": "CISA added Linux kernel CVE-2026-31431 to KEV on 2026-05-01. Theori's Copy Fail research ties the bug to AF_ALG AEAD in-place operation and shows why shared CI runners, Kubernetes nodes, and multi-tenant Linux hosts need kernel patch proof or AF_ALG mitigation.",
  "date": "2026-06-01",
  "severity": "high",
  "tags": [
    "linux",
    "kernel",
    "cisa-kev",
    "zero-day",
    "ci-cd"
  ],
  "sources_count": 5,
  "indicators": {
    "slug": "linux-copy-fail-cve-2026-31431-kev",
    "since": "2026-06-01T00:00:00Z",
    "until": "2026-06-01T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-31431"
    ],
    "cwes": [
      "CWE-669"
    ],
    "advisoryIds": [],
    "products": [
      "Linux kernel"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.cisa.gov",
      "lore.kernel.org",
      "nvd.nist.gov"
    ],
    "urls": [
      "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
      "https://xint.io/blog/copy-fail-linux-distributions",
      "https://github.com/torvalds/linux/commit/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
      "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/",
      "https://nvd.nist.gov/vuln/detail/CVE-2026-31431"
    ],
    "ips": [],
    "hashes": [
      "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}