Detection, mitigation, and IOC toolkit for Copy Fail CVE-2026-31431 Linux kernel page-cache privilege escalation
CopyFail (CVE-2026-31431): Linux kernel page-cache PrivEsc PoC + the only public detection tool. Novel PAM auth-bypass vector + Sigma/auditd/eBPF rules.
Defense-in-depth primitives for CVE-2026-31431 (Copy Fail) — kernel detection probe and LD_PRELOAD AF_ALG block
Copy Fail exploit (CVE-2026-31431) but in Rust.
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.
SELinux/IdM proof of concept for confining privileged automation identities and blocking exploit surfaces such as Copy Fail with AAP-aware policy gates.
Add a description, image, and links to the copyfail topic page so that developers can more easily learn about it.
To associate your repository with the copyfail topic, visit your repo's landing page and select "manage topics."