Brian Pak

@brian_pak

ai + security + alpha
CEO @theori_io / @xint_official → building the world's best AI hacker
9x DEF CON CTF winner
CMU CS '11 | founded PPP & MMM

Seoul / SF · Joined April 2010
201 Following · 3.1K Followers
Brian Pak@brian_pak·
We’re grateful to the kernel security team and everyone working hard on patches. Looking ahead, we’re sure Xint and our researchers will uncover many more critical vulnerabilities. We’ll try our best next time to create less chaos for folks. Happy to discuss improvements openly. Thanks for reading. Let’s keep making Linux stronger together. 🙏
Brian Pak@brian_pak·
Some have also raised concerns about us releasing the exploit publicly. We have experience writing N-day exploits and know that monitoring git commits for fixes is common practice in offensive security. Attackers were likely already aware and exploiting this within a few days after the kernel fix landed. With AI coding tools today, turning a CVE plus commit into a working exploit happens in hours anyway.
Brian Pak@brian_pak·
Hey everyone. We’ve seen the discussions around Copy Fail (CVE-2026-31431) and the disclosure process. We appreciate the passion from distro maintainers, defenders, and the broader Linux community. This is a serious issue, and we want to share some context on our side in good faith. 🧵
Brian Pak@brian_pak·
interestingly, not fuzzing. xint code reviews the code, reasons about potential vulnerabilities, and validates the theory, all in static analysis fashion. it is possible to hook up with the dynamic testing to be even more certain about the validation; but it already does a pretty good job of weeding out false positives.
Brian Pak@brian_pak·
I promise the bug is real, tho
Brian Pak@brian_pak·
and yes, RHEL 14.3 doesn't exist 😅 We meant to say RHEL 10.1. Sorry for the confusion! And also yes, the static webpage copy.fail -- even the logo -- is vibe-coded. Too busy triaging shit ton of other bugs to build a legit website ground up.. and i think it's a perfect use case of vibecoding tbh 😆
Brian Pak@brian_pak·
@msolnik oops. should be public now! sorry about that.
Brian Pak@brian_pak·
Surfaced by Xint Code — our AI vuln research platform — pointed at the kernel's crypto/ for about an hour, on a starting hunch from @5unKn0wn. Came back with CopyFail (plus others, still in coordinated disclosure). Write-up + PoC (exploit): copy.fail Xint Code: code.xint.io