AI Tools Found a Serious Root Exploit in Linux

Added: 2026-05-12

[00:00:00]We've finally gotten to the point where AI is being used to discover some of the worst Linux privilege escalation bugs in years. Copy fail is a Linux kernel privilege escalation where an unprivileged user can turn just 732 bytes of Python code into an exploit that almost every Linux machine deployed since 2017 is vulnerable to. The only reason this isn't a critical exploit causing mass panic is because the exploit requires local code execution first. So single-user desktops and Linux servers with strict security protocols are relatively safe. It's not like connecting your Linux box to the internet is going to result in it instantly getting rooted by a hacker man. But at the same time, a payload that's so small would make an excellent Trojan that could be snuck into a program to give an attacker root as soon as it's executed. So Linux host and shared kernel container clusters with many different users or programs from who knows where getting run on them all the time are going to be particularly vulnerable to this exploit. Now to get a good understanding of the bug, we have to look at a few Linux features that are normally pretty boring and how they chain together. Starting with the page cache, which is the kernel's in-memory copy of file data. So whenever a process requests data from a file, the kernel checks the page cache first because the page cache lives in RAM. And reading data from RAM is orders of magnitude faster than going back to the disk where the file is stored to pull that data every single time. AFG is the Linux socket interface that lets user space processes consume the kernel's crypto API. Depending on the algorithm and the system configuration, those operations may be optimized or hardware accelerated crypto implementations in order to make those crypto functions in the program run a lot faster. But the important part for copy fail is that AFG also supports zero copy data movement through SIS calls like splice. By the way, a socket is basically just a communication endpoint used for exchanging data between processes either on the same machine or in the case of AFALG exchanging data between a user space process and a kernel subsystem. You may have heard of TCP sockets before which are used for exchanging data over a network. Next, we have scatter list which are used to handle the input and output of sockets like AFALG more efficiently. Now, these scatter list are a data structure that allows the system to treat multiple non-ontiguous physical memory chunks as a single contiguous buffer for IO operations. Because the data in the page cache isn't always going to be in a contiguous block of memory, the scatter list tells the kernel where all those pages exist so that they can be read by the socket.

[00:02:46]Okay, now let's finally connect all of this to the copy fail exploit. So the attacker starts by using spllice to move data from a readable file into a pipe and then from that pipe into an AFG socket. But because splice is designed for zero copy IO, the kernel doesn't simply copy that file data into a clean private buffer and forget where it came from. Instead, the AFG sockets input scatter list can end up holding direct references to the files page cache pages. the same cacheed pages that Linux uses for normal read MAPAP and even execve when that file gets executed and that's where the name copy fail comes from. The exploit abuses a place where the kernel should have copied filebacked data into a separate output buffer but instead the AEA path which is part of the AFG socket chains part of this original input scatter list onto the output scatter list. So now you have this cursed situation where the crypto output buffer starts in normal user space received memory but then continues into page cache pages from the file that the attacker spliced in. Now this still needs one more ingredient to become an actual write primitive and that is the crypto template called a cessin which is used for IPSSE extended sequence number support. During AEAD decryption, the input is laid out as associated authenticated data, then cipher text, and then an authentication tag. The broken part is that often cessin uses the destination scatterless as a temporary scratch space. Instead of allocating a clean temporary memory buffer for some sequence number rearranging, it just writes four bytes into what it assumes is a safe output area. But that memory space is past the legitimate AEA boundary. So the attacker ends up with the ability to write four attacker control bytes at chosen offsets into the page cache of readable files.

[00:04:57]And the attacker can do this over and over again. It doesn't even matter if the crypto operation that is used for this attack vector fails or not because the outofbound rights that make this exploit possible actually happen before the kernel even returns an error for the failed operation. So naturally the go-to target to own a Linux box with this exploit is user bin su which is what's used in the proof of concept. So su stands for substitute user and it's a system utility that allows a user's process to execute commands with the privileges of another account most commonly the super user or root account.

[00:05:38]So if an attacker modifies SU in the right way by changing the offset and writing four bytes at a time to different parts of that binary, they can then execute the SU process and rather than loading SU from disk, it actually gets loaded from the page cache because SU was already cached in memory earlier when the attacker was writing the four bytes to it. So the overwritten version of SU gets run from the cache and whatever has been written to this version of SU gets run as root which in the proof of concept just drops you into a root shell and then from there you can do whatever you want. All of this from just a few lines of Python code. And what's really sneaky about this attack is because the exploit isn't modifying the SU binary on disk, a checksum tool that might be looking at that file on the disk can say, "Yeah, everything's fine." While the kernel is still serving the corrupted in-memory version to the rest of the system. Now, let's talk about the remediation of this exploit and lessons that we can learn from it.

[00:06:43]The primary mitigation is to patch your kernel with this mainline commit which pretty much reverts the commit made in 2017 that introduced this bug. If you're not able to apply this patch, you can disable the algif AEA module which is required for this exploit to work in the first place. But what's actually more interesting to me than the exploit itself is how it was discovered and how it was disclosed. So, Theori is the cyber security firm that discovered and disclosed this bug and they have an AI tool called Xent code which was used by their researchers to discover this bug in the Linux crypto subsystem. Now, it's not like they just typed into a prompt, oh, find me a serious Linux exploit and write up a proof of concept for me to publish to GitHub and also write this AI generated blog post so that I can seem really cool. Now the researchers had already done extensive work on discovering kernel bugs and knew about AFG with splice feeding data from unprivileged user space process into the privileged crypto subsystem that they already had that knowledge going into using this AI. So they fed that context into their prompt and after about an hour of the AI running, several issues were found in the kernel with copy fail being the most severe one. So this is another great example of how AI can be a serious force multiplier for professionals and not just something that will replace all humans. Whether you're writing code or you're finding vulnerabilities in code, having a good understanding of what you're trying to do is the key to getting the results that you want from these AI models. And we're going to continue to see an uptick in the so-called AI discovered vulnerabilities as people exhaustively perform AI analysis on the Linux kernel or on other critical programs that nearly everybody in the world uses. The important thing for system administrators to do is to stay up todate on these findings because the time window from the vulnerability detection lab to public PC's being used in the wild is growing shorter every single day. If you enjoyed this video, please like and share it to heck the algorithm and check out my online store, base.win, where you can buy my awesome merch and accessories for your phone or laptop. 10% storewide discount when you pay with Monero XMR at checkout. Have a great rest of your day.