A critical logic flaw dubbed "Copy Fail" in the Linux kernel has been discovered that allows unprivileged attackers to gain root access on systems running most Linux distributions since 2017. The vulnerability, tracked as CVE-2026-31431 with a severity score of 7.8, can be exploited using a simple 732-byte Python script to modify the in-memory copy of setuid-root binaries, posing particular risks to multi-tenant environments and shared containers. The bug stems from a 2017 optimization in the kernel's encryption template that inadvertently allows attackers to write code past designated memory boundaries, and organizations are urged to update immediately as all changes occur only in memory, leaving disk files unmodified and making detection difficult.