CVE-2026-31431, dubbed 'Copy Fail', is a CVSS 7.8 local privilege escalation vulnerability in the Linux kernel's algifaead module affecting kernels built since 2017. By chaining an AFALG socket operation with splice(), an unprivileged local user can overwrite page-cache-backed pages, such as setuid binaries, to obtain root privileges. With a public PoC available and vendor patches pending, immediate mitigation via module disabling or seccomp filtering is critical.