Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
Minimal no-libc Linux x86_64 ELF PoC build for Copy Fail (CVE-2026-31431)
Package alg provides access to Linux AF_ALG sockets for communication with the Linux kernel crypto API. MIT Licensed.
CopyFail (CVE-2026-31431): Linux kernel page-cache PrivEsc PoC + the only public detection tool. Novel PAM auth-bypass vector + Sigma/auditd/eBPF rules.
Defense-in-depth primitives for CVE-2026-31431 (Copy Fail) — kernel detection probe and LD_PRELOAD AF_ALG block
CVE-2026-31431 (Copy Fail) — Rust exploit PoC + eBPF runtime defense. Blocks Linux kernel AF_ALG page-cache LPE without rebooting (LSM/kprobe dual-mode).
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
SELinux/IdM proof of concept for confining privileged automation identities and blocking exploit surfaces such as Copy Fail with AAP-aware policy gates.
Add a description, image, and links to the af-alg topic page so that developers can more easily learn about it.
To associate your repository with the af-alg topic, visit your repo's landing page and select "manage topics."