732 bytes of Python just borked every Linux machine on earth…

A critical Linux kernel vulnerability, dubbed "copy fail" (CVE-2026-31431), discovered by an AI scanning tool, affects nearly all Linux distributions updated since 2017. This logic flaw allows an unprivileged local user to gain root access by writing uncontrolled data into the page cache of any readable file. The exploit targets the ONC ESN feature within the AF_AGL interface, which exposes kernel crypto algorithms. A bug in the AFG splice function causes scratch data to be written into the page cache of read-only files, such as `/etc/sudoers`, through a vulnerability in the splice function. While not remotely exploitable, requiring local access or a prior system compromise, attackers are already using it in the wild, and CISA has added it to its known exploited vulnerabilities list. The AI agent reportedly found the vulnerability within an hour by analyzing the splice function's interaction with page cache references and read-only files. The creators released a proof-of-concept and a dedicated website for the exploit. Linux users are strongly advised to update their systems immediately.