{"id":38942,"date":"2026-04-30T17:36:31","date_gmt":"2026-04-30T09:36:31","guid":{"rendered":"https:\/\/www.deepin.org\/?p=38942"},"modified":"2026-04-30T18:21:27","modified_gmt":"2026-04-30T10:21:27","slug":"linux-kernel-copy-fail-vulnerability-fix","status":"publish","type":"post","link":"https:\/\/www.deepin.org.cn\/en\/linux-kernel-copy-fail-vulnerability-fix\/","title":{"rendered":"Urgent Security Update | Fix for Linux Kernel Copy Fail Local Privilege Escalation Vulnerability \u2013 Upgrade Immediately!"},"content":{"rendered":"\"\"<\/p>\n

Dear deepin users and community partners,<\/p>\n

Recently, the deepin community detected a high-risk local privilege escalation vulnerability in the Linux kernel.<\/p>\n

This vulnerability, dubbed \"Copy Fail\" (CVE-2026-31431), exists in the Linux kernel cryptographic subsystem (the\u00a0algif_aead<\/code> module). It originates from a code optimization introduced in 2017, which causes the AF_ALG cryptographic interface to potentially share the same kernel page cache page between the source and destination buffers when processing AEAD cryptographic operations.<\/p>\n

Given its severity and widespread impact, we strongly recommend that all users upgrade as soon as possible to ensure the security of your systems.<\/p>\n

 <\/p>\n

I. Vulnerability Information<\/strong><\/h2>\n

CVE ID:<\/strong> CVE-2026-31431<\/p>\n

Description:<\/strong>\u00a0This vulnerability stems from a logical flaw in the\u00a0algif_aead<\/code>\u00a0module of the Linux kernel cryptographic subsystem. A 2017 optimization introduced in-place operations, leading to inconsistent memory mappings for source and destination during associated data (AD) processing. As a result, kernel page cache pages can be mixed into a writable scatterlist. By combining the AF_ALG cryptographic interface with the\u00a0splice()<\/code>\u00a0system call, an attacker can write 4 bytes of controlled data into the page cache of any readable file (e.g., the setuid program\u00a0\/usr\/bin\/su<\/code>). Since the page cache is shared by all processes on the same kernel, tampering with a setuid program and subsequently executing it can grant root privileges.<\/p>\n

Severity:<\/strong> High<\/p>\n

Exploitation Prerequisites:<\/strong> An attacker only needs local unprivileged user access to launch the attack.<\/p>\n

Affected Scope:<\/strong>\u00a0All users running an unpatched deepin 25 are affected. Immediate update and upgrade are recommended.<\/p>\n

 <\/p>\n

II. Fix Progress<\/strong><\/h2>\n