CVE-2026-31431 exploits a 4-byte Linux page cache write via AF_ALG/splice to escape Kubernetes containers and achieve host root.
Key Takeaways
Copy Fail abuses the AF_ALG authencesn IPsec code to mutate page cache folios without triggering overlayfs copy-up, bypassing normal write accounting entirely.
Because container overlayfs lower layers share host inodes, any pod sharing a base layer hash (e.g. python:3.12-slim, debian:bookworm-slim) reads poisoned cache bytes.
Scenario 1: cross-container poisoning requires only pods/create rights; the attacker schedules a pod on the victim node, inherits the shared layer, and poisons Python modules or glibc in co-located pods.
Scenario 2: container escape targets the runc read-only bind mount introduced post-CVE-2019-5736, overwriting runc’s cached pages to get a host root shell.
On-disk bytes are unchanged; image-registry scanners, file-integrity monitors, and agentless disk scanners see no evidence of compromise.
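
A defender-side check that follows from the last takeaway, added here as an example and not taken from the original write-up: it reads a file once through the page cache and once with O_DIRECT, then reports the pages that differ. It assumes the underlying filesystem supports O_DIRECT, that the file is not legitimately rewritten during the check, and that the altered pages were never marked dirty; all function names are hypothetical.

```python
import mmap
import os
import sys

PAGE = mmap.PAGESIZE

def differing_pages(cached: bytes, direct: bytes, page_size: int = PAGE) -> list[int]:
    """Indexes of pages whose page-cache bytes differ from the on-disk bytes."""
    n = max(len(cached), len(direct))
    return [off // page_size for off in range(0, n, page_size)
            if cached[off:off + page_size] != direct[off:off + page_size]]

def read_buffered(path: str) -> bytes:
    """Ordinary read: served from the page cache when pages are resident."""
    with open(path, "rb") as f:
        return f.read()

def read_direct(path: str, chunk: int = 1 << 20) -> bytes:
    """O_DIRECT read: bypasses the page cache and returns what is on disk."""
    size = os.stat(path).st_size
    fd = os.open(path, os.O_RDONLY | os.O_DIRECT)
    buf = mmap.mmap(-1, chunk)  # anonymous mapping: page-aligned, as O_DIRECT needs
    out = bytearray()
    try:
        while len(out) < size:
            n = os.preadv(fd, [buf], len(out))  # offset is a multiple of chunk
            if n == 0:
                break
            out += buf[:n]
    finally:
        buf.close()
        os.close(fd)
    return bytes(out[:size])

def check_file(path: str) -> list[int]:
    """Assumption: the file is immutable (e.g. an image layer file) during the check."""
    return differing_pages(read_buffered(path), read_direct(path))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # paths given: check real files on the node
        for p in sys.argv[1:]:
            print(p, check_file(p) or "cache matches disk")
    else:  # constructed sample: a 4-byte change inside the second page
        disk = bytes(3 * 4096)
        cache = disk[:5000] + b"\xde\xad\xbe\xef" + disk[5004:]
        print(differing_pages(cache, disk, 4096))
```

Run it on the node against the lower-layer files themselves; a non-empty result means the bytes processes are being served differ from what disk-based scanners read.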