DX O2 and CVE-2026-31431 (Copy Fail)
Article ID: 438847

Products

DX SaaS

Issue/Introduction

CVE-2026-31431, widely known in the cybersecurity community as "Copy Fail", is a high-
severity Local Privilege Escalation (LPE) vulnerability found in the Linux kernel's cryptographic
subsystem. Disclosed in late April 2026, it affects almost all major Linux distributions (RHEL,
Ubuntu, SUSE, Amazon Linux, Debian) utilizing kernels compiled since 2017.


● The Mechanism: The bug exists in the algif_aead module, specifically within the
authencesn cryptographic template. It involves a logic flaw in how in-place operations
are handled. An unprivileged local user can exploit this to trigger an out-of-bounds 4-
byte write directly into the shared page cache of any readable file on the system.


● The Exploit: By targeting the page cache of a setuid binary (like su) or /etc/passwd, an
attacker can corrupt the operating system's in-memory view of those files. Because
the kernel never marks this corrupted page to be written back to the physical disk,
standard file integrity monitoring tools that check on-disk signatures will miss the
manipulation.


● The Impact: It allows a standard, unprivileged user to gain instant root access to the
machine. Because the page cache is shared across the host OS, this vulnerability also
functions as a container escape primitive, meaning an attacker in a Docker container
or Kubernetes pod could potentially compromise the underlying host node.

Does it Impact the Broadcom DXO2 Product?
Indirectly, yes, at the platform layer. DXO2 components (e.g. connectors such as SDP,
OIConnector, RESTMON, and related services) are applications; they do not embed the
vulnerable Linux kernel module. Any risk applies to Linux hosts (or worker nodes) running those
components if the kernel is vulnerable and unpatched.
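
A host-side check for the two kernel pieces named above (the algif_aead module and the authencesn template), added here as an example; it is not part of the original article or of any Broadcom or OS vendor tooling. The function names and sample data are constructed for illustration, and a positive result means the code path is present on the host, not that the kernel is unpatched.

```sh
#!/bin/sh
# Added example: inventory the kernel pieces this article names on one host.
# Presence means the code path exists, not that the kernel is unpatched.

# module_loaded NAME [FILE]: true if NAME appears in /proc/modules-format FILE.
module_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit !f }' "${2:-/proc/modules}"
}

# template_registered NAME [FILE]: true if a /proc/crypto "name" entry is an
# instance of the template, e.g. authencesn(hmac(sha256),cbc(aes)).
template_registered() {
    awk -v t="$1" -F': *' '$1 ~ /^name[ \t]*$/ && index($2, t "(") == 1 { f = 1 }
        END { exit !f }' "${2:-/proc/crypto}"
}

# exposure_report [MODULES] [CRYPTO]: print findings; return 0 if any is present.
exposure_report() {
    hit=1
    if module_loaded algif_aead "${1:-/proc/modules}"; then
        echo "algif_aead: loaded"; hit=0
    else
        echo "algif_aead: not loaded (it can still be autoloaded on first use)"
    fi
    if template_registered authencesn "${2:-/proc/crypto}"; then
        echo "authencesn: instantiated"; hit=0
    else
        echo "authencesn: no instance registered"
    fi
    return "$hit"
}

# Constructed sample data in the real /proc/modules and /proc/crypto layouts.
sample_modules() {
    printf '%s\n' 'algif_aead 16384 0 - Live 0x0000000000000000' \
                  'af_alg 32768 1 algif_aead, Live 0x0000000000000000'
}
sample_crypto() {
    printf '%s\n' 'name         : authencesn(hmac(sha256),cbc(aes))' \
                  'driver       : authencesn(hmac(sha256-generic),cbc(aes-generic))' \
                  'module       : authencesn' 'type         : aead' ''
}

# Demo on the samples; on a real host run: uname -r; exposure_report
demo_dir=$(mktemp -d)
sample_modules > "$demo_dir/modules"; sample_crypto > "$demo_dir/crypto"
exposure_report "$demo_dir/modules" "$demo_dir/crypto" || true
rm -rf "$demo_dir"
```

Run it on the host or worker node itself, since containers share the host kernel, and compare the `uname -r` output against your OS vendor's advisory for the fixed kernel build.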

Resolution

Because the vulnerability exists at the OS level, the solution requires patching the Linux
infrastructure hosting your DXO2 components, rather than updating the DXO2 software
itself. You will need to speak to your OS admin to fix/patch the OS.


1. Apply OS Vendor Patches (Primary Solution)
Major Linux distributions began rolling out kernel patches via their stable trees in late April 2026.
You should immediately coordinate with your Linux administration team to update the kernel of
your DXO2 servers using your OS package manager (e.g., yum, dnf, or apt).


● The Fix: The patch reverts a specific kernel commit (72548b093ee3) to force the
subsystem to operate "out-of-place," simplifying the code path and entirely eliminating
the memory mishandling.