copyFail for python pre 3.10, without os.splice()

Detection, mitigation, and IOC toolkit for Copy Fail CVE-2026-31431 Linux kernel page-cache privilege escalation

CopyFail (CVE-2026-31431): Linux kernel page-cache PrivEsc PoC + the only public detection tool. Novel PAM auth-bypass vector + Sigma/auditd/eBPF rules.

Copy Fail exploit (CVE-2026-31431) but in Rust.

Defense-in-depth primitives for CVE-2026-31431 (Copy Fail) — kernel detection probe and LD_PRELOAD AF_ALG block

Simple Ansible Playbook to mitigate against CopyFail (CVE-2026-31431) and DirtyFrag (CVE-2026-43284) vulnerabilities.

CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.

Detects if any running pid uses AF_ALG, to help with https://copy.fail mitigations (seeing if its safe to turn off the AF_ALG module)

Portable read-only audit toolkit for the Q1-Q2 2026 Linux page-cache write LPE vulnerability cluster

dirty patch for dirty CVEs

SELinux, IdM, and AAP proof of concept for confining privileged automation and denying kernel exploit surfaces before jobs reach managed RHEL hosts.

CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery

Rust implementation of copyfail (CVE-2026-31431) (Cause why not 😁)

Exploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.