Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
Dark Reading
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.
Nate Nelson, Contributing Writer
April 30, 2026
With a hunch, and an hour of AI-assisted scanning, cybersecurity researchers identified and then figured out how to exploit a nine-year-old root escalation vulnerability affecting every Linux build since 2017.
The vulnerability, which researchers at Xint are calling "Copy Fail," has officially been given the designation CVE-2026-31431. It allows any local user to escalate to root by leveraging a logic flaw in the Linux kernel's cryptography system. The flaw lets any unprivileged attacker write four specific bytes of data to the in-memory copy of a readable file, essentially piggybacking on the program's default root powers.
Copy Fail works thanks to a long history of otherwise sensible updates to the Linux kernel over the years — particularly one update from 2017, which was meant to speed up data encryption. Ironically, then, old, unpatched devices are actually in the clear here.
Considering the severity of the issue, one might imagine that exploiting it would be complex. Not so — Xint's public proof-of-concept (PoC) exploit code on GitHub runs only 10 lines long. Luckily, a patch is just as freely downloadable.
The Risks in Copy Fail
CVE-2026-31431 works equally across all Linux distributions. It requires no funky race conditions. Where most local privilege escalation (LPE) bugs in Linux are probabilistic, Xint noted in its blog post, CVE-2026-31431 works 100% of the time. Because exploitation occurs in temporary memory, it leaves no trace of a crime on the disk, and evidence of the crime will clear as soon as the system is rebooted.
With the root-level powers it affords, there are any number of creative and destructive things a bad actor can do. "You can edit important system configuration files or important programs on the system," explains Xint senior security researcher Tim Becker. "Through various mechanisms like that, you can achieve local privilege escalation, manipulating sensitive configurations of applications running on the system."
Most worrying of all, he adds, "It's very common for people to use Kubernetes clusters to deploy their applications. And this sort of vulnerability allows container escape from any pod in a Kubernetes cluster to impact the others, or to impact the host that the cluster is running on."
The possible attack scenarios only go on from there. "Another really scary application is continuous integration (CI) runners" — agents or machines that programmatically perform tasks in a software development pipeline. "Most software engineering has some sort of continuous integration or continuous testing. Whenever someone opens a pull request containing a code change, some checks and tests will run automatically. And if it's possible for an attacker to inject this exploit into those tests that run automatically, they can escape the container that the CI job is running in. And they can potentially access sensitive secrets that are in the environment, or even sometimes deployment keys that are in CI because your deployment happens from there."
AI-Driven Vulnerability Research, in Practice
While world leaders, business executives, and Internet conspirators decry the Claude Mythos-induced end of the world, researchers like Becker are quietly already doing the AI-driven vulnerability research everyone's worried about, demonstrating how that work might actually look for the foreseeable future.
"We've had a ton of success using our [internal AI] tool on various databases like Postgres, Redis, MariaDB, where we literally just drop the code in, don't provide any human insight, and we get out an exploitable bug that has been there in some cases for over 20 years. So it is totally possible for AI to find deep, exploitable bugs that have been there for a long time," he explains.
From his perspective, though, an issue as subtle and as dangerous as Copy Fail wouldn't likely have been unearthed by AI alone. Instead, a Xint researcher had the insight to look for exactly such a vulnerability as Copy Fail, and then the AI did the grunt work of actually identifying the specifics.
"AI is changing the vulnerability research landscape significantly. Essentially everyone I know in the space is using AI to some extent now, to significantly increase their output. And this bug was no different," Becker acknowledges. Still, for issues as intricate as Copy Fail, "This feels to me like something that human insight is still useful for. But just barely."
About the Author
Nate Nelson
Contributing Writer
Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost.