Copy Fail Exploit Allows 732-Byte Script to Hijack Linux Systems and Gain Root Access

A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-31431 (Copy Fail), allows a normal user to execute a 732-byte script and gain root privileges without requiring race conditions or luck. The exploit works across major Linux distributions, including Ubuntu, RHEL, and SUSE, by modifying the page cache in memory rather than disk files, evading integrity checks. Since the page cache is shared, the exploit may also cross container boundaries. The kernel executes the tampered version from memory, making the attack difficult to detect.