Security firm Theori dropped exploit code for CopyFail (CVE-2026-31431) on Wednesday, and it's bad. The local privilege escalation vulnerability gives unprivileged users root access on virtually every Linux distribution. One Python script works everywhere. No modification needed. No race conditions to win. Just run it and you're root.

For anyone running containerized AI agents with shell access, this is a nightmare. Every container on a shared Kubernetes node shares one Linux kernel. A kernel-level privilege escalation collapses the boundaries between tenants. As researcher Jorijn Schrijvershof explained, an attacker who gets shell access as a low-privilege user can promote themselves to root in seconds, then read every file, install backdoors, and move laterally to other systems. Your AI agent given shell access? Same kernel as its neighbors.

The bug sits in the AF_ALG kernel crypto API, an interface that kernel developers have wanted to remove for years. Linux crypto maintainers Eric Biggers and Herbert Xu have long argued that AF_ALG is obsolete because modern applications use userspace libraries like OpenSSL instead. But the kernel's strict "no regressions" policy blocks removal because no one can prove zero enterprise systems depend on it. So the code stays, automated fuzzers keep finding bugs in it, and here we are. Theori researcher Taeyang Lee found this particular flaw using the company's AI-powered Xint tool in about an hour of scan time.

The disclosure timing made everything worse. Theori gave the Linux kernel team five weeks, enough time to patch the kernel itself, but never contacted distribution vendors directly. When the exploit went public, Ubuntu, Debian, Amazon Linux, and SUSE had no patches ready. Will Dormann, a senior principal vulnerability analyst at Tharros Labs, didn't mince words: the organization "did an absolutely terrible job of vulnerability coordination." Only Arch Linux and RedHat Fedora had patches at disclosure time. If you're running AI workloads on shared Linux infrastructure, patch now or disable the CONFIG_CRYPTO_USER_API options in your kernel config.