Copy Fail — Linux kernel algif_aead LPE (ITW, KEV deadline 2026-05-15)

cve · CVE-2026-31431

Coverage timeline

first 2026-05-06 → last 2026-05-09

Briefs

3 distinct

Sources cited

23 hosts

Sections touched

active_vulns, updates

Co-occurring entities

no co-occurrence

Story timeline

2026-05-09CTI Daily Brief — 2026-05-09
updatesUPDATE: CISA KEV deadline 2026-05-15 approaching. Microsoft Security Blog confirms CVE-2026-31431 and CVE-2026-43284/43500 (Dirty Frag) used as complementary techniques in same post-compromise campaign.
2026-05-07CTI Daily Brief — 2026-05-07
updatesUPDATE: Go and Rust exploit variants now publicly available; container-to-host escape vector validated by Kaspersky. KEV deadline 2026-05-15 unchanged.
2026-05-06CTI Daily Brief — 2026-05-06
active_vulnsFirst coverage. Active ITW exploitation confirmed; CISA KEV deadline 2026-05-15; deterministic 732-byte Python exploit; all Linux kernels 4.14-6.19.11 affected; container-to-host escalation risk. Deep dive in § 5.

Where this entity is cited

updates2
active_vulns1

Source distribution

access.redhat.com2 (7%)
helpnetsecurity.com2 (7%)
microsoft.com2 (7%)
thehackernews.com2 (7%)
ubuntu.com2 (7%)
attack.mitre.org1 (4%)
bleepingcomputer.com1 (4%)
cert.europa.eu1 (4%)
other15 (54%)

External references

NVD · cve.org · CISA KEV

All cited sources (28)

Items in briefs about Copy Fail — Linux kernel algif_aead LPE (ITW, KEV deadline 2026-05-15)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.