2026-09-24 –, Main Track
Copy.Fail (CVE-2026-31431), a critical Linux kernel bug found by researchers at Theori, quickly rose to prominence after its public disclosure in April 2026. Discussion was fuelled by a 732-byte Python exploit script that anybody can run; a dedicated disclosure website with glaring mistakes; and the lack of security patches in some major distros upon release. In the following weeks, variant bugs named Dirty Frag (CVE-2026-43284/CVE-2026-43500) and Fragnesia (CVE-2026-46300) were discovered, starting further conversations about the future role of AI in vulnerability discovery.
In this talk, I break down the Copy.Fail bug and exploit, hoping to explain them in a way that is understandable even if you haven’t looked at the Linux Kernel source before. We will take a look at how they work, how the bugs were patched and mitigated, related vulnerabilities, and discuss this bug class in general.
Angus is a vulnerability researcher at InfoSect. At work, he is well known for giving talks that go way over time and contain unnecessary amounts of detail. Outside of work, Angus enjoys learning new (usually useless) skills, attempting (and forever failing) to win CTFs, cooking (hopefully) tasty food, and is known to be overly competitive when playing (video|board|role-playing|war)games with his friends.