CISA Adds Nine-Year-Old Linux Kernel 'Copy Fail' Privilege Escalation Bug (CVE-2026-31431) to KEV Catalog
Tags Security · Infrastructure · Open source · Enterprise
The Hacker News · CERT-EU

CISA added CVE-2026-31431 (CVSS 7.8), a local privilege escalation flaw in the Linux kernel dubbed 'Copy Fail,' to its Known Exploited Vulnerabilities catalog. The bug, introduced through kernel changes between 2011 and 2017, allows any unprivileged local user to gain root access using a 732-byte Python exploit. The vulnerability affects all Linux kernels from 2017 onward, including those running in WSL, containers, cloud workloads, and CI/CD runners. A public PoC is available on GitHub. The flaw is fixed in kernel versions 6.18.22, 6.19.12, and 7.0. Major distributions including Ubuntu, Red Hat, and Debian have issued advisories.
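
A fleet triage helper built from the fixed versions listed above, added here as an example and not taken from the cited sources or any vendor tooling. The function names, status labels and host inventory are constructed for illustration; because distributions backport fixes without changing the upstream version number, any host not classed as `fixed-upstream` still has to be checked against its vendor advisory.

```python
import re

# Fixed releases as stated in the article: minimum patch level per stable branch.
FIXED_IN_BRANCH = {(6, 18): 22, (6, 19): 12}
FIXED_FROM = (7, 0)  # 7.0 and later, per the article

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def classify(release: str) -> str:
    """Classify a `uname -r` string against the fixed versions the article lists."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "unparseable"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    # The article does not say which release candidate carries the fix.
    if re.search(r"-rc\d+", release):
        return "no-fix-listed"
    if (major, minor) >= FIXED_FROM:
        return "fixed-upstream"
    floor = FIXED_IN_BRANCH.get((major, minor))
    if floor is None:
        # Branch not named in the article (LTS and distro kernels land here).
        return "no-fix-listed"
    return "fixed-upstream" if patch >= floor else "below-fixed-release"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts that are not confirmed fixed, keyed by status, for follow-up."""
    todo: dict[str, list[str]] = {}
    for host, release in sorted(inventory.items()):
        status = classify(release)
        if status != "fixed-upstream":
            todo.setdefault(status, []).append(host)
    return todo


# Constructed inventory (hostnames and releases are sample values).
SAMPLE_INVENTORY = {
    "ci-runner-01": "6.18.21-generic",
    "build-02": "6.19.12-200.fc43.x86_64",
    "wsl-dev-03": "6.6.87.2-microsoft-standard-WSL2",
    "db-04": "5.15.0-105-generic",
    "edge-05": "7.0.0-rc3",
    "lab-06": "7.0.1",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```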